From owner-freebsd-questions Sun Jun 1 21:50:54 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id VAA26303 for questions-outgoing; Sun, 1 Jun 1997 21:50:54 -0700 (PDT)
Received: from dg-rtp.dg.com (dg-rtp.rtp.dg.com [128.222.1.2]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id VAA26297 for ; Sun, 1 Jun 1997 21:50:51 -0700 (PDT)
Received: by dg-rtp.dg.com (5.4R3.10/dg-rtp-v02) id AA07740; Mon, 2 Jun 1997 00:50:14 -0400
Received: from ponds by dg-rtp.dg.com.rtp.dg.com; Mon, 2 Jun 1997 00:50 EDT
Received: from lakes.water.net (lakes [10.0.0.3]) by ponds.water.net (8.8.5/8.7.3) with ESMTP id UAA04580; Sun, 1 Jun 1997 20:48:43 -0400 (EDT)
Received: (from rivers@localhost) by lakes.water.net (8.8.5/8.6.9) id UAA18641; Sun, 1 Jun 1997 20:56:26 -0400 (EDT)
Date: Sun, 1 Jun 1997 20:56:26 -0400 (EDT)
From: Thomas David Rivers
Message-Id: <199706020056.UAA18641@lakes.water.net>
To: ponds!aol.com!Almondale, ponds!FreeBSD.ORG!freebsd-questions
Subject: Re: IP Masquerading
Content-Type: text
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>
> The latest linux kernel includes support for IP Masquerading, so "private
> lans" can share a dialup gateway. What (if any) support does FreeBSD have for
> doing this. I have the most recent PPP binaries, but the routed command, when
> invoked with -q, returns "no route to hosts" or "can't assign requested
> address", and I get the effect described in the PPP manpages, namely the
> gateway host can see the internet via my ISP but *is not forwarding* packets
> back to my private LAN. I have invoked ppp with the -alias subcommand and
> given the static route to my ISDN-modem-equipped Freebsd (2.2.1) machine, but
> IP forwarding never seems to occur. I have even tried to remake the kernel
> using MROUTED, but it seems to me routed itself *ought* to work? Anybody with
> experience getting this setup to work?
>
> Thanks,
> Alex
>
>

FreeBSD version 2.2 introduced diverted sockets.
I have been very happily using 'natd' which does this translation
for some time now. I've copied the "README" below.

	- Dave Rivers -


	A Network Address Translation Daemon for FreeBSD


1. WHAT IS NATD ?

   This is a simple daemon based on FreeBSD divert sockets
   which performs network address translation (or masquerading)
   for IP packets (see related RFCs 1631 and 1918).
   It is based on packet aliasing package (see README.alias)
   written by Charles Mott (cmott@srv.net).

   This package works with any network interface (doesn't have
   to be ppp). I run it on a computer having two ethernet cards,
   one connected to internet and the other one to local network.

2. GETTING IT RUNNING

   1) Get FreeBSD 2.2 - I think the divert sockets are
      not available on earlier versions,

   2) Compile this software by executing "make".

   3) Compile your kernel with following options:

        options IPFIREWALL
        options IPDIVERT

   4) Ensure that your host is a gateway by setting
      gateway=YES in /etc/sysconfig

   5) Test the software. View the contents of natd.test
      and if it seems to be ok (it flushes ipfw entries)
      execute it:

        sh natd.test name-of-the-internet-interface

      For myself, the interface is ep0, so this would work
      for me:

        sh natd.test ep0

   6) Try from other machines in local network if the
      connection works. You should see some output from natd
      when it is running and processing packets. Your other
      machines must be configured to use the machine running
      natd as gateway.

   7) If things seem to work, you can start natd in
      /etc/rc.local and modify /etc/rc.firewall to include
      suitable entries for natd.

   For more information see natd manual page.

3. FTP SITES FOR NATD

   This package is available at ftp://kn6-045.ktvlpr.inet.fi/pub/natd.

4. AUTHORS

   This program is the result of the efforts of many people
   at different times:

   Archie Cobbs     Divert sockets
   Charles Mott     Packet aliasing engine
   Eivind Eklund    Packet aliasing engine
   Ari Suutari      Natd
   Brian Somers     Manual page, glue and bunch of good ideas.

   The original package written by Charles Mott is available at
   http://www.srv.net/~cmott. It is described in README.alias.

   Happy Networking - comments and fixes are welcome!

   Ari S. (ari@kn6-045.ktvlpr.inet.fi, ari@ps.carel.fi)
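
A pre-flight check for steps 3 and 4 of the README above, added here as an example; it is not part of natd or of the original message. The function names are hypothetical, both file paths are supplied by the caller, and the sample files at the end are constructed.

```sh
#!/bin/sh
# Added example: pre-flight check for README steps 3 and 4 (not part of natd).
# Both file paths are arguments; no kernel config location is assumed.

# has_kernel_option FILE NAME: true if FILE has an active "options NAME" line.
# A trailing boundary is required so IPFIREWALL_VERBOSE does not count as IPFIREWALL.
has_kernel_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+\"?$2\"?([[:space:]]|#|\$)" "$1"
}

# gateway_enabled FILE: true if the last active gateway= assignment is YES.
gateway_enabled() {
    value=$(sed -n 's/^[[:space:]]*gateway=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1 | tr -d '"')
    [ "$value" = "YES" ]
}

# natd_preflight KERNEL_CONFIG SYSCONFIG
# Prints one line per missing prerequisite; exit status is the number missing.
natd_preflight() {
    missing=0
    for opt in IPFIREWALL IPDIVERT; do
        if ! has_kernel_option "$1" "$opt"; then
            echo "missing: options $opt in $1"
            missing=$((missing + 1))
        fi
    done
    if ! gateway_enabled "$2"; then
        echo "missing: gateway=YES in $2 (host is not set up as a gateway)"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample input: IPDIVERT is commented out and gateway is NO,
# so two prerequisites are reported as missing.
demo_dir=$(mktemp -d)
printf 'options\t\tIPFIREWALL\n#options\t\tIPDIVERT\n' > "$demo_dir/KERNEL"
printf 'gateway=NO\n' > "$demo_dir/sysconfig"
natd_preflight "$demo_dir/KERNEL" "$demo_dir/sysconfig" || echo "prerequisites missing: $?"
```

Running it before step 5 separates a missing kernel option or gateway setting from a problem in natd itself.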