From: Josh Paetzel
To: freebsd-questions@freebsd.org
Cc: Robert Huff
Date: Wed, 19 Mar 2008 15:16:54 -0500
Subject: Re: confusion configuring NAT

On Wednesday 19 March 2008 03:02:59 pm Robert Huff wrote:
> I'm trying to get NAT going, and apparently failing to
> understand large parts of the concept,
> 1) Per the handbook I have added
>
>         options IPFIREWALL
>         options IPDIVERT
>
> to the kernel.
> 2) The firewall is active, and configured so it works for the
> machine itself. (Settings appended.)
> 3) I need to do translation for all machines on 10.0.0.0/8.
> 4) Working from the ipfw man page:
>
>         ipfw add nat 10 all from any to any
>
> then
>
>         ipfw nat 10 config log ip 10.0.0.0/8
>
> Uh-oh:
>
>         ipfw: bad ip address ``10.0.0.0/8''
>
> OK, choose one machine.
>
>         ipfw nat 10 config log ip 10.0.0.3
>
> Accepted.
> 5) Now, start natd. (natd.conf appended)
>
>         /sbin/natd -l -f /etc/natd.conf
>
> Nope:
>
>         natd: instance default: aliasing address not given
>
>
> Huh? This has gotten a lot more complicated since the last
> time. :-P
>
>
>
> Robert Huff

I don't see much in the man page for ipfw concerning nat, certainly not the
rules you are specifying. Try man natd

-- 
Thanks,

Josh Paetzel

PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB