Date:      Fri, 28 Feb 2003 19:35:51 +0100
From:      "Roger 'Rocky' Vetterberg" <listsub@401.cx>
To:        Christopher Blanchard <cblanchard@cedu.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NATs/Firewall help
Message-ID:  <3E5FAC07.1060000@401.cx>
References:  <se5f2298.047@cedu.com>

Christopher Blanchard wrote:
 > I am a system administrator at a small private school in the
 > California mountains.  I recently acquired a DSL connection
 > and would like to share it with the faculty and staff using
 > NATs.  I put up a 4.7 stable dual-homed box (AJAX), rebuilt
 > the kernel with IPFIREWALL, IPFIREWALL_DEFAULT_TO_ACCEPT and
 > IPDIVERT.  The DSL gateway is 4.63.122.77/255.255.255.252 the
 > internet interface is 4.63.122.78/255.255.255.252 on the LAN
 > side the interface is 10.10.236.5/255.255.255.0 and another
 > router is at 10.10.236.254, 10.10.236.1 is a dns/dhcp server
 > (RS1)(novell netware) cedulocal.com.  I have read everything I
 > can get my hands on but cannot get AJAX to pass traffic. From
 > AJAX I can ping/ftp out to the internet and internally to RS1.
 > I would be appreciative of suggestions and would particularly
 > like sample rc.files with appropriate examples.  X-server on
 > this machine will not work as it is a compaq with an embedded
 > Intel 82815e graphics which I am unable to turn off so http is
 > out, but ftp works fine. thanks
 >
 >
 > Internet                                  AJAX
 > RS1                                                Router
 > 4.63.122.77               4.63.122.78    10.10.236.5
 > 10.10.236.1                                     10.10.236.254
 > 255.255.255.252  255.255.255.0          255.255.255.0
 > 255.255.255.0 DNS 4.2.2.1
 > DNS/DHCP Srvr cedulocal.com
 >
 >
 >
 > To Unsubscribe: send mail to majordomo@FreeBSD.org with
 > "unsubscribe freebsd-questions" in the body of the message

Your /etc/rc.conf should contain the following:

firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/rc.firewall"
natd_enable="YES"
natd_flags="-a 4.63.122.78"
gateway_enable="YES"

Basically, that should get you going.
You may want to tweak things like firewall rules etc., but the
above should at least work well enough to get you started.
Unless you feel like playing with sysctl and ipfw manually, you
will have to reboot after adding the above lines.

--
R
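
Added example, not part of the original message: a POSIX sh lint for the rc.conf lines above. It checks that forwarding and natd are enabled, that the natd alias address is the outside interface address, and flags firewall_type OPEN, which accepts all traffic. The function names and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread: lint an rc.conf fragment for a
# natd/ipfw gateway. The file is parsed with sed and never sourced.

# rc_value FILE KEY -> last double-quoted value assigned to KEY
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE -> true for YES in any letter case
is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# alias_addr FLAGS -> address given to natd with -a / -alias_address
alias_addr() {
    set -f; set -- $1; set +f      # split on whitespace, no globbing
    while [ $# -gt 1 ]; do
        case "$1" in -a|-alias_address) printf '%s\n' "$2"; return 0 ;; esac
        shift
    done
}

# check_gateway_conf FILE OUTSIDE_IP -> one finding per line, nothing if clean
check_gateway_conf() {
    is_yes "$(rc_value "$1" gateway_enable)" ||
        echo "FAIL gateway_enable is not YES: packets are not forwarded"
    is_yes "$(rc_value "$1" natd_enable)" ||
        echo "FAIL natd_enable is not YES: no address translation"
    addr=$(alias_addr "$(rc_value "$1" natd_flags)")
    [ "$addr" = "$2" ] ||
        echo "FAIL natd alias address '$addr' is not the outside address $2"
    case "$(rc_value "$1" firewall_type)" in
        [Oo][Pp][Ee][Nn]) echo "WARN firewall_type is OPEN: every packet is accepted" ;;
    esac
    return 0
}

# Constructed sample: the last two octet digits of the alias are swapped.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_flags="-a 4.63.122.87"
gateway_enable="YES"
EOF
check_gateway_conf "$sample" 4.63.122.78
rm -f "$sample"
```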


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E5FAC07.1060000>