Date: Thu, 23 Sep 1999 09:47:18 +0300
From: "Andy V. Oleynik" <andyo@prime.net.ua>
To: Mikhail Teterin <mi@aldan.algebra.com>
Cc: questions@FreeBSD.ORG
Subject: Re: natd, ftp, two ethernet cards
Message-ID: <37E9CCF5.C4B66CE2@prime.net.ua>
References: <199909220531.BAA26383@rtfm.newton>

Sorry Mike, I have forgotten to show my working rules for nat. I'm
parallelized with a lot of tasks simultaneously :)

00100 pipe 1 ip from 10.0.0.0/8 to any
00100 allow ip from any to any via lo0
00200 pipe 2 ip from any to 10.0.0.0/8 #these are my dummynet rules :)))
00200 deny ip from any to 127.0.0.0/8
00300 divert 8668 ip from any to any via ed0 #remember to substitute ed0 with ur public interface
65000 allow ip from any to any
65535 deny ip from any to any

Mikhail Teterin wrote:

> Can someone, whose setup resembles what's listed in the subject, please,
> send his/her firewall rules and the /etc/natd.conf?
>
> Searching through the mailing lists, brings up only cries for help (like
> this one), or confident responses like: "yeah, of course, just read the
> natd(8)". Well, natd is NOT easy to understand, unfortunately. I need to
> let the machines on my home LAN ftp out (to install FreeBSD over ftp,
> for example). Being able to access my ISP's (MediaOne) news-server would
> be nice too.
>
> Thanks a lot!
>
>         -mi
>
> P.S. My favorite part of natd(8) is this:
>
>     -redirect_port proto targetIP:targetPORT[-targetPORT]
>             [aliasIP:]aliasPORT[-aliasPORT]
>             [remoteIP[:remotePORT[-remotePORT]]]
>         Redirect incoming connections arriving to given port(s) to
>         another host and port(s). Proto is either tcp or udp,
>         targetIP is the desired target IP number, targetPORT is the
>         desired target PORT number or range, aliasPORT is the
>         requested PORT number or range, and aliasIP is the aliasing
>         address. RemoteIP and remotePORT can be used to specify the
>         connection more accurately if necessary. The targetPORT range
>         and aliasPORT range need not be the same numerically, but
>         must have the same size. If remotePORT is not specified, it
>         is assumed to be all ports. If remotePORT is specified, it
>         must match the size of targetPORT, or be 0 (all ports). For
>         example, the argument
>
> How can one tell the difference between "the desired" and "the
> requested"?!
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
WBW
Andy V. Oleynik (When U work in virtual office
prime.net.ua's U have good chance to obtain
system administrator virtual money ö%-)
+380442448363
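
Added example, not part of the original message and not natd's own code: a Python validator for one -redirect_port argument, applying the rules stated in the natd(8) excerpt quoted above (field order, tcp or udp only, equal range sizes, remotePORT of 0 meaning all ports). The function names, dictionary keys and sample addresses are assumptions chosen for illustration.

```python
import re

# Field order from the natd(8) excerpt quoted above:
#   proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT]
#         [remoteIP[:remotePORT[-remotePORT]]]
# alias*  = address/port on the natd machine where the connection arrives
# target* = internal host/port the connection is redirected to

def _ports(text):
    """Parse 'N' or 'N-M' into an inclusive (low, high) tuple."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", text)
    if not m:
        raise ValueError(f"bad port or range: {text!r}")
    low = int(m.group(1))
    high = int(m.group(2) or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port range out of bounds or reversed: {text!r}")
    return low, high

def _size(rng):
    return rng[1] - rng[0] + 1

def parse_redirect_port(spec):
    """Validate one -redirect_port argument string; return its fields."""
    fields = spec.split()
    if len(fields) not in (3, 4):
        raise ValueError("expected: proto target alias [remote]")
    proto, target, alias = fields[:3]
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be tcp or udp")
    target_ip, sep, target_ports = target.rpartition(":")
    if not sep or not target_ip:
        raise ValueError("target must be targetIP:targetPORT")
    alias_ip, _, alias_ports = alias.rpartition(":")
    rule = {"proto": proto, "target_ip": target_ip, "alias_ip": alias_ip or None,
            "target_ports": _ports(target_ports), "alias_ports": _ports(alias_ports),
            "remote_ip": None, "remote_ports": None}  # None = not specified
    if _size(rule["target_ports"]) != _size(rule["alias_ports"]):
        raise ValueError("targetPORT and aliasPORT ranges differ in size")
    if len(fields) == 4:
        rule["remote_ip"], sep, remote_ports = fields[3].partition(":")
        if sep and remote_ports != "0":  # 0 means all ports
            rule["remote_ports"] = _ports(remote_ports)
            if _size(rule["remote_ports"]) != _size(rule["target_ports"]):
                raise ValueError("remotePORT must match targetPORT size or be 0")
    return rule

if __name__ == "__main__":
    print(parse_redirect_port("tcp 10.0.0.5:23 8023"))  # constructed sample
```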