From owner-freebsd-questions@FreeBSD.ORG Thu Jun 10 01:59:14 2004
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id AE77E16A4CE
    for ; Thu, 10 Jun 2004 01:59:14 +0000 (GMT)
Received: from ms-smtp-02.rdc-nyc.rr.com (ms-smtp-02-smtplb.rdc-nyc.rr.com [24.29.109.6])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 137A543D45
    for ; Thu, 10 Jun 2004 01:59:12 +0000 (GMT)
    (envelope-from asolomon15@nyc.rr.com)
Received: from [24.193.64.111] (24-193-64-111.nyc.rr.com [24.193.64.111])
    i5A1x9BM022753
    for ; Wed, 9 Jun 2004 21:59:10 -0400 (EDT)
Message-ID: <40C7C07E.2090602@nyc.rr.com>
Date: Wed, 09 Jun 2004 21:59:26 -0400
From: asolomon15
User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@FreeBSD.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Subject: help setting up natd and ipfw on freebsd5.2.1
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 10 Jun 2004 01:59:14 -0000

Hello all,

I tried to set up natd on my fbsd 5.2.1 box and fbsd 4.10 box with no luck. What I wanted to do was to set up a gateway for my internal network to my cable provider. On my server box I have two Ethernet cards, dc0 pointing to the cable modem and dc1 pointing to a hub so that the other computers may connect with my bsd gateway. I managed to recompile the kernel with options IPFIREWALL and IPDIVERT, and the kernel compiled successfully.

Then I added natd, gateway and firewall to my rc.conf file:

    gateway_enable="YES"
    natd_enable="YES'
    natd_interface="dc0"
    firewall_enable="YES"
    firewall_type="/etc/rc.firewall"

I wanted to ping external and internal hosts to see if this configuration worked, so I really didn't want to have the firewall up, so I added these 3 lines to my rc.firewall file:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via dc0
    /sbin/ipfw add pass from any to any

I wasn't able to ping any host inside or outside of my computer. When I disabled ipfw I was able to ping them. Also, I wanted to make sure if I needed to configure a DNS server on my firewall to allow such services as http and ftp for internal hosts. I know that there are more sophisticated ipfw setups, but I wanted to just get the natd setup working so I could concentrate on the firewall later on.

Thanks if you can help

Antoine W. Solomon
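
A check for the rc.conf settings quoted in the message above, as an added example that is not part of the original post. It relies on two facts: rc.conf is read by /bin/sh, and rc.conf(5) puts the rule-set name or rules file in firewall_type and the script path in firewall_script. The function name, the finding texts and the sample inputs are this example's own.

```shell
#!/bin/sh
# Added example: lint the gateway-related settings of an rc.conf fragment.
# Prints one finding per line; prints nothing when the fragment is clean.
lint_gateway_rc_conf() {
    conf=$1
    case $conf in /*) ;; *) conf=./$conf ;; esac   # keep "." from searching PATH

    # rc.conf is read by /bin/sh, so an unbalanced quote breaks the whole file.
    if ! sh -n "$conf" 2>/dev/null; then
        echo "syntax: not valid sh (look for an unbalanced quote)"
        return 0
    fi

    (   # subshell: the sourced variables do not leak into the caller
        . "$conf"
        for knob in gateway_enable natd_enable firewall_enable; do
            eval "val=\${$knob:-}"
            case $val in
                [Yy][Ee][Ss]) ;;
                *) echo "$knob: expected YES, got '${val}'" ;;
            esac
        done
        [ -n "${natd_interface:-}" ] || echo "natd_interface: not set"
        # firewall_type names a rule set (open, client, simple, closed) or a
        # file of ipfw rules; the shell script path goes in firewall_script.
        case ${firewall_type:-} in
            */rc.firewall) echo "firewall_type: is a script path, use firewall_script" ;;
        esac
    )
}

# Constructed sample input: the five settings as quoted in the message.
sample_as_posted() {
    cat <<'EOF'
gateway_enable="YES"
natd_enable="YES'
natd_interface="dc0"
firewall_enable="YES"
firewall_type="/etc/rc.firewall"
EOF
}

# Constructed sample input: same settings, quote balanced, rule set "open".
sample_fixed() {
    sample_as_posted | sed -e "s/YES'/YES\"/" -e 's|^firewall_type=.*|firewall_type="open"|'
}
```

The linter sources the file it checks, so run it only on configuration you already trust.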