Date: Wed, 19 Mar 2008 16:02:59 -0400 From: Robert Huff <roberthuff@rcn.com> To: questions@freebsd.org Subject: confusion configuring NAT Message-ID: <18401.29043.824662.173177@jerusalem.litteratus.org>
I'm trying to get NAT going, and apparently failing to understand large parts of the concept.

1) Per the handbook I have added

	options IPFIREWALL
	options IPDIVERT

   to the kernel.

2) The firewall is active, and configured so it works for the machine itself. (Settings appended.)

3) I need to do translation for all machines on 10.0.0.0/8.

4) Working from the ipfw man page:

	ipfw add nat 10 all from any to any

   then

	ipfw nat 10 config log ip 10.0.0.0/8

   Uh-oh:

	ipfw: bad ip address ``10.0.0.0/8''

   OK, choose one machine.

	ipfw nat 10 config log ip 10.0.0.3

   Accepted.

5) Now, start natd. (natd.conf appended)

	/sbin/natd -l -f /etc/natd.conf

   Nope:

	natd: instance default: aliasing address not given

   Huh?

This has gotten a lot more complicated since the last time. :-P

			Robert Huff

#! /bin/sh
IF=em0
OF=em1
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
/bin/sleep 3 # for DHCP
ipfw add 350 allow udp from any 67-68 to any 67-68
# close NetBios to outside contact
/etc/ipfw.netbios.set
# close RPC to outside contact
/etc/ipfw.rpc.set
# no outside SNMP
/etc/ipfw.snmp.set
#
# no IRC
# /etc/ipfw.irc.set
# established connections are okay.
ipfw add 10000 allow tcp from any to any established
# let all stuff out
ipfw add 10100 allow all from any to any out via $IF
# internal connections are okay (assuming that 10.0.0.0/8 is your IP
# ipfw address range internally)
ipfw add 10200 allow tcp from 10.0.0.0/8 to any 80
# not starting natd here, in case it's already running
# allow anything not previously forbidden
ipfw add 65000 allow ip from any to any

**************** natd.conf ****************

instance 10
interface em0
same_ports yes
log_ipfw_denied yes
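Added example, not from the post above and not a FreeBSD-supplied script: a small sh script that sets up NAT for 10.0.0.0/8 in either of the two ways the post mixes together, natd over an ipfw divert socket (needs IPFIREWALL and IPDIVERT) or ipfw's in-kernel nat (needs IPFIREWALL_NAT and LIBALIAS, or kldload ipfw_nat; no natd at all), and places the divert/nat rule ahead of the "established" rule. It assumes em0 is the outside interface and em1 the LAN side, which the post does not state, and the rule numbers and nat instance number are arbitrary. It only prints the commands unless APPLY=1 is set, so it can be reviewed on any machine.

```sh
#!/bin/sh
# Added example, not the poster's script.  Assumptions: em0 is the
# external interface, em1 the LAN side; rule number 50 and nat instance
# 10 are arbitrary.  Commands are printed unless APPLY=1 is set.

EXT_IF=${EXT_IF:-em0}
INT_IF=${INT_IF:-em1}
INT_NET=${INT_NET:-10.0.0.0/8}

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Policy rules shared by both paths.  The LAN rule is matched on the
# inbound pass over INT_IF, before the packet is seen again (and
# translated) on its outbound pass over EXT_IF, so it still sees the
# private source address whatever the rule number is.
policy_rules() {
    run ipfw add 10000 allow tcp from any to any established
    run ipfw add 10100 allow ip from any to any out via "${EXT_IF}"
    run ipfw add 10200 allow tcp from "${INT_NET}" to any 80 in via "${INT_IF}"
}

# --- Path A: userland natd over a divert socket (IPFIREWALL + IPDIVERT) ---

# natd.conf for a single instance.  It has no "instance" line: that
# keyword starts a second, named instance, and natd's built-in "default"
# instance is then left without an interface or alias_address, which
# natd refuses with "instance default: aliasing address not given".
natd_conf() {
    cat <<EOF
interface ${EXT_IF}
same_ports yes
log_ipfw_denied yes
EOF
}

# One divert rule with "via EXT_IF" catches both directions on the
# external interface.  It sits low in the rule set so that an inbound
# reply is un-NATed before the "established" rule looks at it; an allow
# rule placed before the divert would pass the reply still addressed to
# the public IP and it would never reach the internal host.
natd_rules() {
    run ipfw add 50 divert natd ip from any to any via "${EXT_IF}"
    policy_rules
}

# --- Path B: in-kernel nat (IPFIREWALL + IPFIREWALL_NAT + LIBALIAS,
#     or "kldload ipfw_nat"); IPDIVERT and natd are not involved ---

# "ip" takes exactly one aliasing address (the public IP), never a
# prefix, which is why "ip 10.0.0.0/8" is rejected.  Naming the
# external interface with "if" lets the instance use that interface's
# address instead.  The nat rule is placed exactly like the divert rule.
ipfw_nat_rules() {
    run ipfw nat 10 config if "${EXT_IF}" log same_ports
    run ipfw add 50 nat 10 ip from any to any via "${EXT_IF}"
    policy_rules
}

case "${1:-show}" in
    natd)
        if [ "${APPLY:-0}" = 1 ]; then
            natd_conf > "${NATD_CONF:-/etc/natd.conf}"
        else
            natd_conf
        fi
        natd_rules ;;
    kernel)
        ipfw_nat_rules ;;
    *)
        echo "# natd path, /etc/natd.conf:"; natd_conf
        echo "# natd path, rules:"; natd_rules
        echo "# in-kernel path:"; ipfw_nat_rules ;;
esac
```

Pick one path and stick with it; the divert socket and the in-kernel instance each expect to be the only translator on em0. Either path also needs gateway_enable="YES" in rc.conf so the box forwards packets at all, and the natd path needs natd_enable="YES", natd_interface="em0" and natd_flags="-f /etc/natd.conf" (or an equivalent manual start) before the divert rule is loaded, otherwise packets hitting the divert rule with no listener are dropped.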
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?18401.29043.824662.173177>