From owner-freebsd-questions Wed Oct 4 7:56:51 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail-out.visi.com (kauket.visi.com [209.98.98.22]) by hub.freebsd.org (Postfix) with ESMTP id A368F37B503 for ; Wed, 4 Oct 2000 07:56:47 -0700 (PDT)
Received: from isis.visi.com (isis.visi.com [209.98.98.8]) by mail-out.visi.com (Postfix) with ESMTP id EB18E37CA; Wed, 4 Oct 2000 09:56:46 -0500 (CDT)
Received: from localhost (dgl@localhost) by isis.visi.com (8.8.8/8.8.8) with ESMTP id JAA21489; Wed, 4 Oct 2000 09:56:46 -0500 (CDT)
X-Authentication-Warning: isis.visi.com: dgl owned process doing -bs
Date: Wed, 4 Oct 2000 09:56:46 -0500 (CDT)
From: Doug Lee
To: Mike Meyer
Cc: questions@freebsd.org
Subject: Re: Help going from DSL to dialup
In-Reply-To: <14810.27392.553139.867653@guru.mired.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 3 Oct 2000, Mike Meyer wrote:

> > What is the easiest way I can convert this system to provide the same kind
> > of nat/firewall service based on a dynamic dialup connection? I assume it
> > will involve userland ppp, which has NAT capability built in; but I'd
> > prefer to minimize the impact on my system configuration, since I expect
> > this dialup access to be a temporary arrangement. I'm also not yet a pro
> > with the features of userland ppp, having never had to use it before.
>
> Userland ppp is a good choice, as the man pages are excellent. Also
> look at /etc/ppp/ppp.conf. Userland ppp also has some firewall
> capabilities, which may be sufficient for your uses. Once you get ppp
> working to your FreeBSD box, turn on NAT and gateway_enable (in
> rc.conf), and you're pretty much done. If you weren't using the
> internal IP address of the FreeBSD box as a gateway, you'll have to
> tweak the rest of the LAN for that. But that should do it.

By turning on NAT, do you mean the -nat option to the ppp program, or
natd_enable="YES" in /etc/rc.conf, which I already have? I figured I'd
either have to change the natd interface from ed0 to tun0, or stop using
natd altogether, use ppp -nat, and learn what I need to do (if anything)
to set up ppp -nat to provide the same features as natd does given my
/etc/natd.conf file, which follows:

interface ed0
unregistered_only yes
use_sockets yes
same_ports yes
log no
# DialPad
redirect_port udp 192.168.2.1:51200 51200
redirect_port udp 192.168.2.1:51201 51201
redirect_port tcp 192.168.2.1:51210 51210

Thanks for responding to my question.

--
Doug Lee
dgl@visi.com
http://www.visi.com/~dgl
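
Added example, not part of Doug Lee's message or of any reply in the thread: a Python sketch that maps the natd.conf quoted above onto the `nat` commands documented in ppp(8), for the "stop using natd and use ppp -nat" option the message describes. The helper name `natd_to_ppp` is hypothetical, only the simple `redirect_port proto ip:port port` form is handled, and dropping the `interface` line assumes ppp applies NAT to its own tun link.

```python
# Added example: translate a simple natd.conf into ppp(8) "nat" commands.
# natd_to_ppp is a hypothetical helper, not part of FreeBSD.

# natd.conf yes/no options that ppp accepts under the same name.
YES_NO_OPTIONS = {"unregistered_only", "use_sockets", "same_ports",
                  "log", "deny_incoming"}

# The natd.conf quoted in the message above.
NATD_CONF = """\
interface ed0
unregistered_only yes
use_sockets yes
same_ports yes
log no
# DialPad
redirect_port udp 192.168.2.1:51200 51200
redirect_port udp 192.168.2.1:51201 51201
redirect_port tcp 192.168.2.1:51210 51210
"""

def natd_to_ppp(natd_conf):
    """Return ppp.conf lines equivalent to the given natd.conf text."""
    out = ["nat enable yes"]  # same effect as starting ppp with -nat
    for raw in natd_conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in natd.conf
        if not line:
            continue
        key, *args = line.split()
        if key == "interface":
            # Assumption: ppp translates on its own tun link, so the
            # interface line has no counterpart and is dropped.
            continue
        if key in YES_NO_OPTIONS and len(args) == 1 and args[0] in ("yes", "no"):
            out.append(f"nat {key} {args[0]}")
        elif (key == "redirect_port" and len(args) == 3
              and args[0] in ("tcp", "udp") and ":" in args[1]
              and ":" not in args[2]):
            # Each of these exposes an internal host's port to the
            # Internet side, so carry over only the ones still needed.
            proto, target, alias_port = args
            out.append(f"nat port {proto} {target} {alias_port}")
        else:
            # Refuse to guess: aliasIP/remoteIP forms and other options
            # need a manual look at natd(8) and ppp(8).
            raise ValueError(f"not translated automatically: {line}")
    return out

if __name__ == "__main__":
    print("\n".join(natd_to_ppp(NATD_CONF)))
```

The printed lines belong, indented, under the dialup profile label in /etc/ppp/ppp.conf; with them in place natd should not also be translating the same traffic.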