From: Christian Hiris <4711@chello.at>
To: freebsd-questions@freebsd.org
Cc: asolomon15
Date: Thu, 10 Jun 2004 04:26:03 +0200
Subject: Re: help setting up natd and ipfw on freebsd5.2.1

On Thursday 10 June 2004 03:59, asolomon15 wrote:
> Hello all,
> I tried to setup natd on my fbsd 5.2.1 box and fbsd 4.10 box with no
> luck. What I wanted to do was to setup a gateway for my internal
> network to my cable provider. On my server box I have two ethernet cards
> dc0 pointing to cable modem and dc1 pointing to hub so that the other
> computers may connect with my bsd gateway. I managed to recompile the
> kernel with options IPFIREWALL and IPDIVERT and kernel compiled
> successfully.
>
> Then I add natd, gateway and firewall to my rc.conf file
> gateway_enable="YES"
> natd_enable="YES'
> natd_interface="dc0"
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"

You can use the standard firewall script in /etc/rc.firewall as is without
modification, if you change natd_enable="YES' to natd_enable="YES" and
firewall_type="/etc/rc.firewall" to firewall_type="OPEN".

> I wanted to ping external and internal hosts to see if this
> configuration worked so I really didn't want to have the firewall up
> so I added these 3 lines to my rc.firewall file
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc0
> /sbin/ipfw add pass from any to any
>
> I wasn't able to ping any host inside or outside of my computer. When I
> disabled the ipfw I was able to ping them. Also I wanted to make sure
> if I needed to configure a dns server on my firewall to allow such
> services like http and ftp for internal hosts. I know that there are
> more sophisticated ipfw setups but I wanted to just get the natd setup
> so I could concentrate on the firewall later on.
>
>
> Thanks if you can help
> Antoine W. Solomon

-- 
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x941B6B0B
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
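The two rc.conf corrections from the reply above, as an added example that is not part of the original message: a small lint that shows why each setting fails. The function name `check_rcconf` and the verdict strings are hypothetical. It assumes the stock /etc/rc.firewall behaviour, where firewall_type is either a built-in profile name or the path of an ipfw ruleset file, and the default firewall_script of /etc/rc.firewall.

```shell
# Added example (hypothetical helper, not from the thread).
# Prints one verdict for an rc.conf fragment; returns non-zero on a problem.
check_rcconf() {
    f=$1
    case $f in */*) ;; *) f=./$f ;; esac   # keep "." from searching PATH
    # rc.conf is sourced by /bin/sh: a mismatched quote such as "YES' is a
    # syntax error that swallows the settings on the following lines too.
    if ! sh -n "$f" 2>/dev/null; then
        echo "syntax"; return 1
    fi
    # Read the values in a subshell, with the defaults assumed above.
    fwtype=$( . "$f"; printf '%s' "${firewall_type:-UNKNOWN}" )
    fwscript=$( . "$f"; printf '%s' "${firewall_script:-/etc/rc.firewall}" )
    case $fwtype in
        [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]|[Ss][Ii][Mm][Pp][Ll][Ee]|\
        [Cc][Ll][Oo][Ss][Ee][Dd]|UNKNOWN)
            echo "builtin"; return 0 ;;    # profile handled inside the script
    esac
    # Any other value is handed to ipfw as a ruleset file; pointing it at
    # the shell script itself makes ipfw try to parse sh code as rules.
    if [ "$fwtype" = "$fwscript" ]; then
        echo "script-as-type"; return 1
    fi
    echo "ruleset-file"; return 0
}

# Constructed samples: the fragment as posted, then each fix applied in turn.
d=$(mktemp -d)
cat > "$d/original" <<'EOF'
gateway_enable="YES"
natd_enable="YES'
natd_interface="dc0"
firewall_enable="YES"
firewall_type="/etc/rc.firewall"
EOF
sed "s/\"YES'/\"YES\"/" "$d/original" > "$d/quote_fixed"
sed 's|"/etc/rc.firewall"|"OPEN"|' "$d/quote_fixed" > "$d/corrected"
for n in original quote_fixed corrected; do
    printf '%s: %s\n' "$n" "$(check_rcconf "$d/$n" || true)"
done
```

With firewall_type="OPEN" and natd_enable="YES", the stock script adds the divert rule for natd_interface itself, so the hand-added ipfw lines in rc.firewall are not needed.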