Date: Thu, 6 Apr 2006 23:12:28 +0100
From: "Nick Stenning"
To: freebsd-questions@freebsd.org
Subject: Re: NAT, VPN and other SOHO router advice
In-Reply-To: <44358D8F.5050605@mac.com>
References: <44358D8F.5050605@mac.com>

On 4/6/06, Chuck Swiger wrote:
>
> Given what you've said, you should set up the FreeBSD machine as a bridge
> rather than a router.
>
> It's possible to do other things, such as changing the NAT address range
> used by rl1 and your Vigor 2600, yet also set up NAT on the FreeBSD machine,
> including GRE passthrough and PPTP in /etc/natd.conf, but that would be
> evil, hard to debug, and otherwise tempting the fates. :-)
>
> # NATD configuration options
> dynamic yes
> interface rl1
> #log yes
> log_denied yes
> use_sockets yes
> same_ports yes
> unregistered_only yes
> #punch_fw 10000:100
> redirect_proto gre 10.1.1.2
> redirect_port udp 10.1.1.2:500 500
> redirect_port udp 10.1.1.2:4500 4500
> redirect_port udp 10.1.1.2:62515 62515
> redirect_port tcp 10.1.1.2:10000 10000
> redirect_port tcp 10.1.1.2:pptp pptp
>
> # The above rules allow passthrough for the Cisco VPN software, and should
> also work with SonicWall's VPN client. OpenVPN uses just a single UDP port,
> and would be very easy to set up on FreeBSD if you liked.
>
> --
> -Chuck
>

Thanks to both of you for all your input .. it's a great help!

Chuck -- since you appear to have given me the config options for
something that's "evil, hard to debug, and otherwise tempting the
fates", would you mind explaining how to set up the FBSD box as a
bridge? Or perhaps I'm missing something ... is that what that config
is for?
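
Added example, not part of the original thread: a small audit script that lists what the quoted natd.conf forwards from the outside interface to the inside host, and whether each rule is limited to a remote address. The function names and the `SERVICE_PORTS` map are assumptions for illustration; the field layout follows the `redirect_port` and `redirect_proto` syntax in natd(8), and rules with multiple targets are not handled.

```python
# Added example: list what a natd.conf forwards from outside to inside hosts.
SERVICE_PORTS = {"pptp": 1723}  # assumption: only the service name used below

# Constructed sample: the settings from the natd.conf quoted in the message.
SAMPLE_CONF = """\
# NATD configuration options
dynamic yes
interface rl1
#log yes
log_denied yes
unregistered_only yes
#punch_fw 10000:100
redirect_proto gre 10.1.1.2
redirect_port udp 10.1.1.2:500 500
redirect_port udp 10.1.1.2:4500 4500
redirect_port udp 10.1.1.2:62515 62515
redirect_port tcp 10.1.1.2:10000 10000
redirect_port tcp 10.1.1.2:pptp pptp
"""

def resolve(port):
    """Return an int for digits or a known service name, else the text as written."""
    if port.isdigit():
        return int(port)
    return SERVICE_PORTS.get(port, port)

def parse_redirects(conf_text):
    """Return one dict per redirect_port / redirect_proto rule."""
    rules = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, skip blank lines
        if len(fields) >= 4 and fields[0] == "redirect_port":
            proto, target, alias = fields[1:4]
            host, _, tport = target.rpartition(":")
            rules.append({
                "proto": proto,
                "public_port": resolve(alias.rpartition(":")[2]),  # drop aliasIP:
                "inside": host,
                "inside_port": resolve(tport),
                "any_remote": len(fields) == 4,  # no remoteIP restriction given
            })
        elif len(fields) >= 3 and fields[0] == "redirect_proto":
            rules.append({"proto": fields[1], "public_port": None,
                          "inside": fields[2], "inside_port": None,
                          "any_remote": len(fields) < 5})
    return rules

if __name__ == "__main__":
    for r in parse_redirects(SAMPLE_CONF):
        scope = "any remote host" if r["any_remote"] else "restricted remote"
        print(f'{r["proto"]:4} {r["public_port"]} -> {r["inside"]}:{r["inside_port"]} ({scope})')
```

Every rule in the quoted configuration comes back with `any_remote` set, since none of them names a remote address.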