Date: Sun, 15 Aug 2004 18:42:41 -0400
From: Bill Moran
To: "Hakim Z. Singhji"
Cc: freebsd-questions@freebsd.org
Subject: Re: NAT / ipfw / GW - FreeBSD 4.10 to Linux Private Network???
Message-Id: <20040815184241.58f08057.wmoran@potentialtech.com>
In-Reply-To: <411EDD20.6090305@earthlink.net>

"Hakim Z. Singhji" wrote:

> Hello All,
>
> So with the help of all of you I have configured my FreeBSD 4.10 gateway.
> I am able to ping, traceroute, ssh and call webpages with a fully
> functioning DHCP client. I thank all of you from the bottom of my heart,
> those of you that helped me out... it's been hard work and late nights (or
> early mornings) building these computers from scratch and then
> introducing them with Linux and FreeBSD OS's which I have only a
> combined year of experience.
>
> With that said I have come to the final component of my network... the
> NAT component. I was trying to play around with it until I found out
> that I really didn't know what I was doing... so here I am again.
>
> I'm trying to configure one box through NAT via my FreeBSD gateway. I
> figure after I do it once I'll be able to tweak it for the rest of my
> machines. This is my set up
>
> [internet] --------------------- [firewall/gateway] -- [ linux box ]
> 24.199.105.0 --> 192.168.1.1 -> 192.168.1.3
> ( dc0 ) ( txp0 ) ( eth0 )
>
> I'm trying to get internet connection for my linux box,

You simply need to set 192.168.1.1 as the Linux box's default gateway
and set up the appropriate DNS servers in resolv.conf

> and I also want
> all pop3, smtp and http passed to my linux box as well.

You'll need to set up port forwarding. See the man page for natd and
pay close attention to the redirect_port directive. If you're going to
have many set up (as it seems you will) it's usually easier to put them
in a config file and tell natd to read its config from that file.

> The freebsd box
> is setup to be headless once I get this configured properly. In addition
> I would like SSH2 to be able to tunnel from box to box as well as SSH2
> outside my network with my Linux box.

Port forwarding again. But you'll have to use a non-standard port or
you'll hit a conflict between sshd on the FreeBSD box and trying to
forward sshd to the Linux box. Something like

redirect_port tcp 192.168.1.3:22 2222

Then if you ssh with defaults to the gateway, you'll log in to the
gateway, and if you ssh to port 2222, you'll ssh to the Linux box.

> I have attached my config files for ipfw.rules, rc.conf, and natd.conf
> however natd.conf is where I am "lost" I don't exactly know the rules
> for natd.conf. I reviewed my resources: "The Complete FreeBSD" by Greg
> Lehey and "Absolute BSD" by Michael Lucas however there was not much on
> the actual syntax. If someone could help me in these areas it would be
> greatly appreciated. Thanks in advance...

On the FreeBSD box, to forward all traffic on port 80 to the linux box:

redirect_port tcp 192.168.1.3:80 80

The other ports follow the same pattern.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
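
The forwards discussed in this message, collected into one natd config file. This is an added example, not part of the original message or the poster's attached files. The path /etc/natd.conf, the choice of dc0 as the outside interface (read from the diagram), and the rc.conf and ipfw lines shown in comments are assumptions.

```conf
# /etc/natd.conf  (assumed path)
# One option per line, in the long form of the natd command-line flags.
# Each redirect_port line reads: protocol  inside_host:port  outside_port

# http to the Linux box
redirect_port tcp 192.168.1.3:80 80

# smtp to the Linux box
redirect_port tcp 192.168.1.3:25 25

# pop3 to the Linux box
redirect_port tcp 192.168.1.3:110 110

# ssh to the Linux box on a non-standard outside port, so port 22
# on the gateway still reaches the gateway's own sshd
redirect_port tcp 192.168.1.3:22 2222

# To make natd read this file at boot, in /etc/rc.conf:
#   gateway_enable="YES"
#   natd_enable="YES"
#   natd_interface="dc0"
#   natd_flags="-f /etc/natd.conf"
#
# natd only sees packets that ipfw diverts to it, so the ruleset needs
# a divert rule on the outside interface ahead of the filtering rules:
#   ipfw add divert natd all from any to any via dc0
```

Every redirect_port line is an inbound hole to the Linux box, so the ipfw rules after the divert should allow only these four ports toward 192.168.1.3 from outside.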