From owner-freebsd-questions Wed Jun 13 13:43:41 2001
Date: Wed, 13 Jun 2001 14:44:46 -0600
Subject: natd/ipfw help...
From: "Jason Prosser"

I am using 4.3-Release, and I can't seem to get natd and ipfw properly configured. (Yes, I am a newbie... =) AND PROUD OF IT! )

I am trying to set up just a basic configuration right now for some network performance testing in our lab... Both networks are standalone, so above getting the NAT & some basic firewall rules so that all traffic is passed, I am not concerned about security.

The configuration that I am trying to set up is:

    Network A:(Public) <---> NAT/Firewall <---> Network B:(Private)

The NAT/Firewall computer has two Ethernet cards, xl0 & xl1. I've trimmed down the kernel to just what I need. (Yes, I did add in ipfirewall, ipfirewall_verbose, & ipdivert.)

In rc.conf I have: (Above basic information)

    natd -n xl1
    firewall_enable="YES"
    firewall_type="UNKNOWN"
    ifconfig_xl1="inet 10.2.0.1 netmask 255.255.255.0"
    ifconfig_xl0="inet 192.168.13.1 netmask 255.255.255.0"

Firewall rules for right now are:

    ipfw -f flush
    ipfw add divert natd tcp from any to any via xl1
    ipfw add divert natd udp from any to any via xl1
    ipfw add allow ip from any to any via xl1
    ipfw add allow ip from any to any via xl0
    ipfw add allow icmp from any to any via xl0
    ipfw add allow icmp from any to any via xl1

I figure that I am missing something stupid, but I don't know enough yet to figure it out...

Thank you for the help ahead of time.

JP
jprosser@teraglobal.com
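
Added example, not part of the original message: a small shell check run over the rc.conf lines quoted above. It assumes the stock FreeBSD 4.x rc.conf variables gateway_enable, natd_enable, natd_interface and firewall_enable; the function names are hypothetical and the sample file is constructed from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Checks an rc.conf for the
# variables a FreeBSD 4.x natd/ipfw gateway is normally configured with.

# rc_get FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# check_rc_conf FILE: print one finding per line (no output means clean).
check_rc_conf() {
    # rc.conf is sourced by /bin/sh and is meant to hold only VAR="value".
    while IFS= read -r line; do
        case $line in
            ''|'#'*|[A-Za-z_]*=*) ;;
            *) echo "not a variable assignment: $line" ;;
        esac
    done < "$1"
    # gateway_enable turns on IP forwarding; natd_enable starts natd at boot.
    for var in gateway_enable natd_enable firewall_enable; do
        case $(rc_get "$1" "$var") in
            [Yy][Ee][Ss]) ;;
            *) echo "$var is not set to YES" ;;
        esac
    done
    [ -n "$(rc_get "$1" natd_interface)" ] || echo "natd_interface is not set"
}

# Constructed sample: the rc.conf lines quoted in the post.
write_posted_sample() {
    cat > "$1" <<'EOF'
natd -n xl1
firewall_enable="YES"
firewall_type="UNKNOWN"
ifconfig_xl1="inet 10.2.0.1 netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.13.1 netmask 255.255.255.0"
EOF
}

sample=$(mktemp)
write_posted_sample "$sample"
check_rc_conf "$sample"
rm -f "$sample"
```

On the posted lines it reports four findings: the bare natd command line, gateway_enable, natd_enable and natd_interface.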