Date: Wed, 15 Oct 2008 22:22:17 -0700 (PDT)
From: mdh <mdh_lists@yahoo.com>
To: freebsd-questions@freebsd.org, Da Rock <rock_on_the_web@comcen.com.au>
Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system
Message-ID: <831334.93256.qm@web56806.mail.re3.yahoo.com>
In-Reply-To: <1224133478.3458.86.camel@laptop1.herveybayaustralia.com.au>

--- On Thu, 10/16/08, Da Rock <rock_on_the_web@comcen.com.au> wrote:

> From: Da Rock <rock_on_the_web@comcen.com.au>
> Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system
> To: freebsd-questions@freebsd.org
> Date: Thursday, October 16, 2008, 1:04 AM
>
> <grin> Actually I'm not sure... I'm just an innocent bystander :)
>
> Throughout the thread there was mention of enabling nat in the rc.conf, so whichever that was...
>
> My consideration was just in general. Someone mentioned enabling nat, another said don't double nat, so I thought routed would be better. But it seems routed is not the way to go, but to keep gateway_enable: question remains as to whether to use nat or not (I suppose in any form; but if you can enlighten me with regard if one form of nat is better than another especially in the case of double nat then I'd appreciate the information).
>
> The main reason I'm bringing up this issue is to clarify (and possibly the OP will then get a better picture too) of precisely how to accomplish the result required. And maybe increase my knowledge of the subject too :) that's always a good thing.

Essentially, you need three things to accomplish nat'ing via the way I'm going to describe. There're several ways to do it, but I'll only cover one here, because to describe others, I'd need to go look up docs, which you're more than welcome to do for yourself if you don't like the way I'm going to touch on.

First, you need gateway_enable set to yes in /etc/rc.conf. This is universally true regardless of which method you use for nat'ing. What this does is instruct the kernel that it has multiple interfaces, and that it must pass packets across them, acting as a router. This has nothing to do with various route discovery protocols, it only sets a sysctl which tells the kernel to route packets across multiple interfaces. The default behavior is for the kernel not to do so.

Second, you'll need some way for your NAT to get packets. In some cases, the NAT method is built into the way that it gets packets. With the way I'm discussing here, it's not. In this case, we'll use `ipfw`. You'll need a kernel that supports ipfw for this to work, obviously. The rule you'll need should look something like this:

    divert 8668 ip4 from any to any via sis0

Where sis0 is your EXTERNAL network interface (i.e., the one facing your cable modem, modem, or whatever else.) The command to add this should look something like:

    ipfw add <rule number> divert 8668 ip4 from any to any via <interface>

where rule number is the rule number you'll use (it should be a low one!) and interface is your external-facing network interface device.

Third, you'll need natd itself. natd can be enabled via - you guessed it - the rc.conf variable natd_enable. That's not all, though. You'll also need to (in rc.conf) set natd_interface to the interface you specified in the firewall rule, and you'll almost certainly want to set natd_flags to "-u".

So all in all, you'll need the ipfw rule, ipfw enabled in your kernel, and the following lines in rc.conf:

    gateway_enable="YES"
    natd_program="/sbin/natd"
    natd_enable="YES"
    natd_interface="sis0"
    natd_flags="-u"

You may also need to run dhclient or somesuch to get an address from your ISP, but that's a whole other story. Enjoy.

- mdh
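
Added example, not part of the original message: a shell check that audits the three pieces described above against a copy of rc.conf and saved `ipfw list` output, including whether the divert rule is numbered low enough to be reached. The function names, file arguments and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Audits the pieces the message
# lists: gateway_enable, natd_enable, natd_interface and the ipfw divert rule.

# rc_get FILE VAR: print the last value assigned to VAR in an rc.conf-style file
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*//' | tr -d "\"'"
}

# check_nat_gateway RCCONF RULES: RULES holds saved `ipfw list` output.
# Prints one line per finding and returns the number of findings.
check_nat_gateway() {
    rcfile=$1 rules=$2 bad=0
    for var in gateway_enable natd_enable; do
        case $(rc_get "$rcfile" "$var") in
            [Yy][Ee][Ss]) ;;
            *) echo "FAIL: $var is not YES"; bad=$((bad + 1)) ;;
        esac
    done
    natd_if=$(rc_get "$rcfile" natd_interface)
    # Interface named after "via" on the first divert-to-8668 rule, if any
    div_if=$(awk '$2 == "divert" && $3 == 8668 {
        for (i = 4; i < NF; i++) if ($i == "via") { print $(i + 1); exit }
    }' "$rules")
    if [ -z "$natd_if" ] || [ "$natd_if" != "$div_if" ]; then
        echo "FAIL: natd_interface '$natd_if' != divert rule interface '$div_if'"
        bad=$((bad + 1))
    fi
    # ipfw stops at the first matching rule, so an unconditional allow that is
    # numbered below the divert rule keeps packets from ever reaching natd.
    early=$(awk '$2 == "divert" && $3 == 8668 { exit }
        $2 == "allow" && /from any to any$/ { print $1; exit }' "$rules")
    if [ -n "$div_if" ] && [ -n "$early" ]; then
        echo "FAIL: rule $early allows all traffic before the divert rule"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample input (interface sis0 as in the message; rule numbers made up)
demo=$(mktemp -d)
printf '%s\n' 'gateway_enable="YES"' 'natd_enable="YES"' \
    'natd_interface="sis0"' 'natd_flags="-u"' > "$demo/rc.conf"
printf '%s\n' '00050 divert 8668 ip4 from any to any via sis0' \
    '65000 allow ip from any to any' > "$demo/ipfw.list"
check_nat_gateway "$demo/rc.conf" "$demo/ipfw.list" && echo "OK: NAT gateway pieces present"
rm -rf "$demo"
```

On a live gateway, pass /etc/rc.conf and a file holding the output of `ipfw list`.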