Date:      Fri, 07 May 1999 15:18:08 -0700
From:      "Robert Sowders" <rsowders@usgs.gov>
To:        freebsd-questions@FreeBSD.ORG, kbogac@ibm.net
Subject:   Re: natd question
Message-ID:  <s7330451.067@usgs.gov>


See below,

The magic of first love is our ignorance that it can ever end.

Benjamin Disraeli
British Prime Minister (1874-1880)

>>> "Kevin Bogac" <kbogac@ibm.net> 5/5/99 7:18:31 PM >>>

I cannot get natd to work. I have searched through all of the information I can find and my configuration seems correct. If I enable natd the interface blocks traffic. I'm getting a line in the system messages that says "/kernel: IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled". I built the kernel with the two additional options. Did I miss something? Does the default rc.firewall work?

Thanks,
Kevin

Seems to be a configuration problem.  The line stating that divert is disabled
seems to be your problem I think.  If you are using two ethernet cards, 
then check the following and modify the default rc.firewall and /etc/rc.conf
as directed.

If you are using a ppp connection different rules apply, and natd is not
needed.

This will be the config for an open firewall with a simple option.  Your firewall
will have minimal protection with these rules; you should tighten this up if
you are after more security, but this will get you going.

1. Make sure that the firewall options were compiled into your kernel, it sounds like you've done that correctly.  

2.  Make sure that your /etc/rc.conf contains the following. Edit the
ip, subnet mask, ifconfig_ed1, etc. for your system's settings.  The ones
below are just examples.

ifconfig_ed1="inet your.ip.outside.ip netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.0.1  netmask 255.255.0.0"
defaultrouter="your.outside.router.ip"
network_interfaces="ed1 xl0 lo0"  #change to your interfaces check dmesg
hostname="your.fqdn.hostname"
gateway_enable=YES
natd_enable="YES"                # Enable natd (if firewall_enable == YES).
natd_interface="your outside interface name"        #check dmesg
natd_flags=""          # Additional flags for natd.
firewall_enable=YES
firewall_type="open"         # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
 
3.  Put your ip number in the above places, put your default router in above, substitute your interface name for the above, noting inside and outside names
for use in your /etc/rc.firewall.

4. Using the default /etc/rc.firewall.  Make sure you config the /etc/rc.firewall
to include the following correctly.

oif (outside interface)
oip (outside ip)
iif (inside interface)
iip (inside ip)

5.  Using the default /etc/rc.firewall.  Make sure you config the /etc/rc.firewall
for the following in the open section:

############
# This is a prototype setup that will protect your system somewhat against
# people from outside your own network.
############
    
# set these to your network and netmask and ip
    net="192.168.0.0"
    mask="255.255.0.0"
    ip="192.168.0.1"

6.  Make sure you config the /etc/rc.firewall for the following in the simple
section:

############
# This is a prototype setup for a simple firewall.  Configure this machine
# as a named server and ntp server, and point all the machines on the inside
# at this machine for those services.
############

# set these to your outside interface network and netmask and ip
    oif="your.outside.interface.name from rc.conf"
    onet="your.subnet.example.122.118.20.0"
    omask="255.255.255.0"
    oip="your.outside.ip"

# set these to your inside interface network and netmask and ip
    iif="your.inside.interface.name.from.rc.conf"
    inet="192.168.0.0"
    imask="255.255.0.0"
    iip="192.168.0.1"

7.  Now reboot the machine.  There are ways to bring this up without 
rebooting, but to get it started let's just do it this way.  If it still doesn't
come up, then remove the natd line from the /etc/rc.conf file and verify 
that your interfaces and ip stack come up by pinging systems both inside
and outside your system.  If that works then start natd and repeat the above
and also ping from a machine on the inside of the firewall to the outside.
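A check for the failure Kevin describes, added here as an example and not part of the original mail: it parses the kernel's "IP packet filtering initialized" boot line and an rc.conf fragment (both constructed samples based on this thread) and flags natd_enable=YES against a kernel that reports divert disabled. On a real box, feed it the line from dmesg and the contents of /etc/rc.conf.

```shell
# Added example, not from the original mail: check that natd_enable in rc.conf
# agrees with the kernel's boot message.  natd needs a divert socket, so a
# kernel that reports "divert disabled" was built without IPDIVERT and natd
# cannot work no matter how rc.conf and rc.firewall are set up.

# Constructed samples: the boot line quoted in Kevin's mail, and one with divert on.
SAMPLE_DMESG_BAD='IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled'
SAMPLE_DMESG_OK='IP packet filtering initialized, divert enabled, rule-based forwarding disabled, logging disabled'
# Constructed rc.conf fragment, modelled on the settings given in the reply.
SAMPLE_RCCONF='gateway_enable=YES
natd_enable="YES"                # Enable natd (if firewall_enable == YES).
natd_interface="ed1"             # outside interface, check dmesg
firewall_enable=YES
firewall_type="open"'

# divert_state LINE -> prints enabled, disabled or unknown
divert_state() {
    case "$1" in
        *"divert enabled"*)  echo enabled ;;
        *"divert disabled"*) echo disabled ;;
        *)                   echo unknown ;;
    esac
}

# rc_value TEXT VAR -> value of VAR in rc.conf-style TEXT (last assignment wins),
# quotes, whitespace and trailing comment stripped; empty if unset
rc_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=\([^#]*\).*/\1/p" \
        | tail -n 1 | tr -d '"[:space:]'
}

# check_natd DMESG_LINE RCCONF -> 0 if consistent, 1 with the reason on stderr
check_natd() {
    [ "$(rc_value "$2" natd_enable)" = YES ] || { echo "natd not enabled"; return 0; }
    divert=$(divert_state "$1")
    if [ "$divert" != enabled ]; then
        echo "natd_enable=YES but kernel reports divert $divert:" \
             "rebuild the kernel with options IPFIREWALL and IPDIVERT" >&2
        return 1
    fi
    # rc starts natd only with the firewall on; forwarding between the cards needs gateway_enable
    for var in firewall_enable gateway_enable; do
        [ "$(rc_value "$2" $var)" = YES ] || { echo "natd_enable=YES also needs $var=YES" >&2; return 1; }
    done
    [ -n "$(rc_value "$2" natd_interface)" ] || { echo "natd_interface is not set" >&2; return 1; }
    echo "natd/divert configuration consistent"
}

check_natd "$SAMPLE_DMESG_BAD" "$SAMPLE_RCCONF" || echo "fix the kernel before enabling natd"
```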

