From: "John Nielsen"
To: "Brossin Pierrick"
Subject: Re: FreeBSD Server and Gateway
Date: Sun, 7 Jul 2002 18:52:11 -0600
Sender: owner-freebsd-stable@FreeBSD.ORG

This belongs on -questions, not -stable. Anyway, read on.

Brossin Pierrick wrote:
> Hi,
>
> I don't know if you guys know SME (www.e-smith.org).
> If not, it's a RedHat/Linux distro that does server and gateway (with
> firewall mail http .....)
> I'd like to do the same with FreeBSD for my local network.

No problem there.

> I read those two howtos:
>
> http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html
> http://www.muine.org/~hoang/freenat.html
>
> I'm a little bit confused now.. :/

Neither of those howtos deals with using ppp (which you will need to use if
your DSL modem doesn't do PPPoE for you). Follow the handbook (and read some
man pages) to get your basic connection working, and then worry about a
firewall and NAT.

Since those howtos don't deal with ppp, they also won't tell you that
FreeBSD's ppp software has NAT functionality built-in. Depending on what you
need/want, you may just want to use that. Or you can disable it and use
ipnat/ipfilter (or natd and ipfw).

See also:
man 8 ppp (long, but worth the read)
man 4 ng_pppoe (for background--ppp should do most of the netgraph stuff
automagically)
chapter 16 of the handbook (you've looked at 16.4, but there's some basic
stuff about ppp in there as well)

For firewalling and other NAT options:
man 8 natd
man 8 ipfw
sections 10.7 and 17.11 of the handbook
man 1 ipnat
man 8 ipf

You probably only need/want one of either ipfw/natd or ipfilter/ipnat. They
are basically two different implementations of the same functionality. You
may like one better than the other.

There are some good howtos out there, but (as you've discovered) they may be
dated or incomplete for some setups. Use the freebsd-questions mailing list
for further questions (or the comp.unix.bsd.freebsd.misc newsgroup is a good
resource as well). Also use Google Groups to search both of those archives.

> I'd like/need (for the beginning) at least (I think) a firewall, adsl
> connection (pppoe) and NAT..
> I read the handbook:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pppoe.html
> But it's telling :
>
> Add the following to your /etc/rc.conf file:
>
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="YES" # if you want to enable nat for your local network,
> otherwise NO
> ppp_profile="name_of_service_provider"
>
> So why are the two other howtos treating (as I understand) ip masquerading
> with IPFilter.
>
> As you may see, I'm really confused with IPFilter NAT IP Masquerading ....
> Can someone take the time to explain or give the url of a page please.. I
> can't find any ?

HTH,

JN