From: Andreas Ntaflos
To: Brossin Pierrick
Cc: freebsd-questions@freebsd.org
Date: Mon, 8 Jul 2002 00:38:46 +0200
Subject: Re: FreeBSD Server and Gateway

On Sun, Jul 07, 2002 at 10:30:40PM +0200, Brossin Pierrick wrote:
>
> I'd like to do the same with FreeBSD for my local network.
> I read those two howtos:
>
> http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html
> http://www.muine.org/~hoang/freenat.html

Those are not bad howtos, in fact I think they both explain a lot, but
it's a little overkill when you just need NAT and packet filtering.

> I'm a little bit confused now.. :/
>
> I'd like/need (for the beginning) at least (I think) a firewall, adsl
> connection (pppoe) and NAT..
> I read the handbook:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pppoe.html

[snip]

> So why are the two other howtos treating (as I understand) ip masquerading
> with IPFilter.
>
> As you may see, I'm really confused with IPFilter NAT IP Masquerading ....
> Can someone take the time to explain or give the url of a page please.. I
> can't find any ?
>

Generally, firewall is a term used to describe a box or router doing
packet filtering. But almost always, NAT (network address translation)
is provided by such a box, too.

For packet filtering on FreeBSD, you may choose between IPFilter (ipf)
and IPFW. IPFilter is contributed software and exists for other
operating systems as well. IPFW is maintained and developed by the
FreeBSD team. Both are very good and tested packet filters. I for
myself use ipf.

IP Masquerading == NAT. When you come from the Linux world, you may
know NAT as IP Masquerading. Nothing wrong about that. NAT lets you
have your internal LAN access the outside world with only one
modem/cable modem/DSL connection/whatever.

So you may use a firewall like ipf or IPFW in conjunction with NAT.
Very common setup. This of course only works with a working connection
to the internet or outside network. That's where you need your DSL
connection set up correctly as you read in the handbook.

To use IPFilter and its NAT facility ipnat, you should add these lines
to your kernel configuration file (refer to the handbook about that
topic):

    options IPFILTER
    options IPFILTER_LOG
    options IPFILTER_DEFAULT_BLOCK

For IPFW and the NAT facility (natd):

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPDIVERT

For configuring rules for either package, consult the howtos you read,
the handbook, the ipfilter website (http://www.ipfilter.org) and
another nice howto for ipf: http://www.obfuscation.org/ipf/

So I hope this helped a bit on clearing up your confusion; And I hope I
got everything right.

HTH

regards

--
Andreas "ant" Ntaflos
ant@overclockers.at
Vienna, AUSTRIA
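
An added example, not part of the message above: a minimal IPFilter and ipnat configuration for the PPPoE gateway discussed in the thread, written for a kernel built with IPFILTER_DEFAULT_BLOCK, where no packet passes until a rule allows it. The interface names (tun0 for the PPPoE link, fxp0 for the LAN card) and the 192.168.1.0/24 LAN range are assumptions; substitute your own.

```conf
# ---- /etc/rc.conf (additions) ----
gateway_enable="YES"              # forward packets between fxp0 and tun0
ipfilter_enable="YES"             # load /etc/ipf.rules at boot
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"                # load /etc/ipnat.rules at boot
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"                # write "log" rule matches to syslog
ipmon_flags="-Ds"

# ---- /etc/ipnat.rules ----
# Assumed LAN: 192.168.1.0/24. "0/32" means "whatever address tun0
# currently holds", which suits a dynamically assigned DSL address.
# Rewrite TCP/UDP source ports into a fixed range, then map the rest
# (ICMP and other protocols) with a plain address translation.
map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map tun0 192.168.1.0/24 -> 0/32

# ---- /etc/ipf.rules ----
# With IPFILTER_DEFAULT_BLOCK every packet not matched below is dropped,
# so loopback and LAN traffic need explicit pass rules or the box
# cannot even talk to itself.
pass in  quick on lo0 all
pass out quick on lo0 all

# Trust the internal network (assumed to sit on fxp0).
pass in  quick on fxp0 from 192.168.1.0/24 to any
pass out quick on fxp0 from any to 192.168.1.0/24

# Outbound on the DSL link: allow new connections and keep state so
# that only the matching replies are let back in.
pass out quick on tun0 proto tcp  from any to any flags S keep state
pass out quick on tun0 proto udp  from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# Nothing may open a connection from the outside. The default policy
# already blocks this; the explicit rule adds logging via ipmon.
block in log quick on tun0 all
```

Test the rule set from the console rather than over the network: with the default-block kernel option, a mistake in ipf.rules cuts off remote access to the gateway.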