Date: Sat, 23 Sep 2000 11:14:58 +0200 (CEST)
From: MadDave
To: Frank Bonnet
Cc: freebsd-net@freebsd.org
Subject: Re: Simple NAT config / help ?
In-Reply-To: <200009221103.e8MB3bv17350@bart.esiee.fr>

Hi

First you must compile a new kernel with (some of these choices are optional):

```
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_FORWARD
options IPFILTER
options IPFIREWALL_DEFAULT_TO_ACCEPT
options DUMMYNET    # If you want to use the traffic shaper
options TCP_DROP_SYNFIN
```

For NAT we use a daemon called `natd` (see the man page for details). Natd must be bound to the interface which is connected to the internet. Then you run the natd daemon. I run it like this: `/sbin/natd -unregistered_only -interface ed0 -s -dynamic`. In my case ed0 is the external NIC.

Then you set up `ipfw` rules like `ipfw add divert natd ip from any to any via ed0` (replace ed0 with your NIC name).

Then you must also enable IP forwarding. This is done by `sysctl -w net.inet.ip.forwarding=1`.

Then you can filter clients by setting up a firewall (see `man ipfw`).

Bye,
David

On Fri, 22 Sep 2000, Frank Bonnet wrote:

> Hi
>
> I have to set up a machine that will act as a NAT server
> I don't need many rules except I want to be able to
> filter client accesses with IP addresses and maybe also
> MAC address.
>
> As I'm pretty new in nat/firewalling I need some basic
> examples to test my configuration.
>
> Any help welcome
>
> release is 4.1 and the machine is a P350 with two
> 10/100 ethernet boards.
>
> Thanks for any help.
> --
> Frank Bonnet
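Added example, not part of the original mail: a shell function that prints an `ipfw` ruleset combining the divert rule above with the per-client IP filtering asked about in the question. The internal interface `ed1`, the client addresses and the rule numbers are assumptions; the script only prints commands and does not run `ipfw`.

```shell
#!/bin/sh
# Added example. Prints ipfw commands; it does not run them.
# ed1 and the 192.168.1.x addresses are constructed sample values.

# Succeed only if $1 is a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_nat_rules EXT_IF INT_IF CLIENT_IP...
gen_nat_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: gen_nat_rules ext_if int_if client_ip..." >&2
        return 2
    fi
    ext_if=$1; int_if=$2; shift 2
    # Validate every address first so a typo never yields a partial ruleset.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad client address: $ip" >&2; return 1; }
    done
    rule=1000
    for ip in "$@"; do
        # Match on the inside interface, where the client's own address is
        # still the source (natd rewrites it on the way out).
        echo "ipfw add $rule allow ip from $ip to any in recv $int_if"
        rule=$((rule + 10))
    done
    # With IPFIREWALL_DEFAULT_TO_ACCEPT the final rule allows everything,
    # so unlisted clients must be denied explicitly.
    echo "ipfw add 60000 deny ip from any to any in recv $int_if"
    # The divert rule from the mail, with an explicit rule number.
    echo "ipfw add 61000 divert natd ip from any to any via $ext_if"
}

# Constructed sample: two permitted clients behind ed1, internet on ed0.
gen_nat_rules ed0 ed1 192.168.1.10 192.168.1.11
```

The deny rule also stops unlisted hosts on the internal interface from reaching the gateway itself, so review the printed rules before piping them to `sh`.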