From: "Roger 'Rocky' Vetterberg"
Date: Fri, 28 Feb 2003 19:35:51 +0100
To: Christopher Blanchard
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATs/Firewall help
Message-ID: <3E5FAC07.1060000@401.cx>

Christopher Blanchard wrote:

> I am a system administrator at a small private school in the
> California mountains. I recently acquired a DSL connection
> and would like to share it with the faculty and staff using
> NATs. I put up a 4.7 stable dual-homed box (AJAX), rebuilt
> the kernel with IPFIREWALL, IPFIREWALL_DEFAULT_TO_ACCEPT and
> IPDIVERT. The DSL gateway is 4.63.122.77/255.255.255.252 the
> internet interface is 4.63.122.78/255.255.255.252 on the LAN
> side the interface is 10.10.236.5/255.255.255.0 and another
> router is at 10.10.236.254, 10.10.236.1 is a dns/dhcp server
> (RS1)(novell netware) cedulocal.com. I have read everything I
> can get my hands on but cannot get AJAX to pass traffic. From
> AJAX I can ping/ftp out to the internet and internally to RS1.
> I would be appreciative of suggestions and would particularly
> like sample rc.files with appropriate examples. X-server on
> this machine will not work as it is a compaq with an embedded
> Intel 82815e graphics which I am unable to turn off so http is
> out, but ftp works fine. thanks
>
> Internet  AJAX  RS1  Router
> 4.63.122.77  4.63.122.78  10.10.236.5  10.10.236.1  10.10.236.254
> 255.255.255.252  255.255.255.0  255.255.255.0  255.255.255.0
> DNS 4.2.2.1  DNS/DHCP Srvr cedulocal.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org with
> "unsubscribe freebsd-questions" in the body of the message

Your /etc/rc.conf should contain the following:

    firewall_enable="YES"
    firewall_type="OPEN"
    firewall_script="/etc/rc.firewall"
    natd_enable="YES"
    natd_flags="-a 4.63.122.78"
    gateway_enable="YES"

Basically, that should get you going. You may want to tweak things
like firewall rules etc but the above should at least work well
enough to get you started.

Unless you feel like playing with sysctl and ipfw manually you will
have to reboot after adding the above lines.

--
R
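
Added example, not part of the original thread: a POSIX sh check over an rc.conf that reports the settings this reply depends on (forwarding, natd together with ipfw, the OPEN rule set) and a natd alias address that matches no configured interface. The interface names fxp0/fxp1, the function names and the sample file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. rc.conf is shell syntax, so the
# file is sourced (in a subshell): run this only on a file you trust.

# Constructed sample: interface names fxp0/fxp1 are assumptions, and the
# natd alias address is deliberately mistyped (4.62 instead of 4.63).
sample_rc_conf() {
    cat <<'EOF'
ifconfig_fxp0="inet 4.63.122.78 netmask 255.255.255.252"
ifconfig_fxp1="inet 10.10.236.5 netmask 255.255.255.0"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_flags="-a 4.62.122.78"
EOF
}

# audit_rc_conf FILE (path must contain a slash): one finding per line,
# no output when every check passes.
audit_rc_conf() (
    unset gateway_enable firewall_enable firewall_type natd_enable natd_flags
    . "$1" || exit 2
    is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; esac; return 1; }

    is_yes "$gateway_enable" ||
        echo "gateway_enable is not YES: packets are not forwarded between interfaces"
    if is_yes "$natd_enable" && ! is_yes "$firewall_enable"; then
        echo "natd_enable is YES but firewall_enable is not: no ipfw rule diverts packets to natd"
    fi
    case "$firewall_type" in
        [Oo][Pp][Ee][Nn])
            echo "firewall_type is OPEN: every packet is allowed, tighten the rules after testing" ;;
    esac

    # Alias address passed to natd with -a, compared with the ifconfig_* lines.
    alias_addr=$(printf '%s\n' "$natd_flags" |
        sed -n 's/.*-a[[:space:]]*\([0-9.]*\).*/\1/p')
    if [ -n "$alias_addr" ] &&
       ! grep '^ifconfig_' "$1" | grep -Fqw -- "$alias_addr"; then
        echo "natd alias address $alias_addr is not assigned by any ifconfig_* line"
    fi
)

tmp=$(mktemp) && sample_rc_conf > "$tmp" && audit_rc_conf "$tmp"
rm -f "$tmp"
```

On the constructed sample it reports two findings: the OPEN rule set and the alias address that no interface carries.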