From owner-freebsd-questions  Fri Oct 24 14:51:21 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA22982
          for questions-outgoing; Fri, 24 Oct 1997 14:51:21 -0700 (PDT)
          (envelope-from owner-freebsd-questions)
Received: from spire.vnc.lawrence.ks.us (root@spire.vnc.lawrence.ks.us [24.124.35.51])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA22969
          for <freebsd-questions@FreeBSD.ORG>; Fri, 24 Oct 1997 14:51:02 -0700 (PDT)
          (envelope-from anovick@vnc.lawrence.ks.us)
Received: from spire (anovick@localhost [127.0.0.1]) by spire.vnc.lawrence.ks.us (8.8.7/8.7.3) with SMTP id RAA07491 for <freebsd-questions@FreeBSD.ORG>; Wed, 23 Oct 1996 17:52:21 -0500
Message-ID: <326EA1A4.2777BC56@vnc.lawrence.ks.us>
Date: Wed, 23 Oct 1996 17:52:20 -0500
From: Andy Novick <anovick@vnc.lawrence.ks.us>
X-Mailer: Mozilla 3.01 (X11; I; Linux 2.0.31 i586)
MIME-Version: 1.0
To: freebsd-questions@FreeBSD.ORG
Subject: ipfw and natd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I recently switched from Linux to FreeBSD as my firewall of choice. 
However I have been having some problems when trying to masquerade just
one machine on my local area network.  The only way it seems to work is
if I divert from everything to everything.  However this ended up
causing problems with windows 95 machine's netbioses at my ISP.  (I have
a cable modem, so we are just one big network)  I want to make it so I
am only masquerading my one machine.  I have the following set up:

Windows95 PC (box we are masquerading) IP 192.168.2.2 
FreeBSD PC (firewall) LAN IP= 192.168.2.3 INET IP= 24.124.35.52 ethernet
device= ed0

The following does its job with masquerading, but causes the problems
with my ISP:

natd -port 32000 -interface ed0 
ipfw add divert 32000 ip from any to any via ed0
ipfw add allow ip from any to any

All other setups I have tried such as diverting only from 192.168.2.2 to
any has not worked.  I would appreciate your insight. 

Thanks,

Andy

==================================
Andrew Novick	            
anovick@vnc.lawrence.ks.us    
Finger for Public PGP Key     
http://www.vnc.lawrence.ks.us/
==================================