Date: Thu, 3 May 2001 16:12:46 -0400
From: "Elliott Perrin" <eperrin@bigorbit.com>
To: "Jeff Leslie" <jsl1339@labs.tamu.edu>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: NAT
Message-ID: <02b101c0d40d$6beb4ce0$8701a8c0@bottleneck2000>
References: <PAEKJMHICCAGLPAOIHHPOEKKCAAA.jsl1339@labs.tamu.edu>

> I have FreeBSD 4.3 RC1 and connected to a dhcp server at Texas A&M
> University
>
> I have been trying to run NAT for firewall purposes and I am having trouble.
> First off, I added the two options (IPFIREWALL and IPDIVERT) and recompiled
> the kernel. Next I ran
>
> I enabled gateway in /etc/rc.conf
> then I did
> # natd -interface dc1 (this is my incoming ethernet card, the one
> connected to the dhcp. dc0 is the other)
> # /sbin/ipfw -f flush
> # /sbin/ipfw add divert natd all from any to any via dc1
> # /sbin/ipfw add pass all from any to any
>
> then I went to run the /etc/rc.firewall, and it gave me that permission was
> denied (and I was logged in as root)
> also, when I went into /etc/rc.conf, there was no enable_firewall....I added
> it, but there was none to begin with
> please let me know what I'm doing wrong.
>
> another thing I want to know is what to set my windows 2000 computer that
> runs behind it to? (as in network properties)
>
> thanks and gig em
>
>
> jeff leslie
>

If your external interface is dc1, run this:

    natd -interface dc1 -dynamic

--- adding dynamic will change the way aliasing is done if the IP changes
(man natd for more info on this)

Then in rc.conf put in

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="OPEN" (cause that is pretty much what you are running with
        the list you gave below, see /etc/rc.firewall for what each of the
        types is)
    firewall_quiet="NO" (again, change to what you want)
    firewall_logging="" (insert yes or no)
    firewall_flags="" (any additional flags you want to supply to ipfw)

Set up an IP for your internal NIC, run routed to generate routing tables
(well you don't have to) and point your windows 2000 box at the IP of that
internal NIC as a default gateway.

Set up DNS however you like (if you have an upstream DNS Server you can
connect to, use it)

Make sure you also have

    defaultrouter="aaa.bbb.ccc.ddd" (enter your upstream default gateway in here)

Since you couldn't manipulate the firewall, check to see if these are
enabled in /etc/rc.conf or in /etc/defaults/rc.conf

    kern_securelevel_enable="" (will either be yes or no)
    kern_securelevel="" (a range from -1 to 3, -1 being the most insecure)

You can also check to see what the kernel security level is by running

    sysctl -n kern.securelevel

If it was running at 3 you cannot change any of the ipfw values, which could
be why you got the error as root.

/etc/defaults/rc.conf contains all the defaults that you can override in
/etc/rc.conf, so it is a good place to look when you are setting this up

_________________________________
Elliott Perrin
Senior Systems Administrator
Biographix Corporation
Big Orbit New Media Studios
eperrin@bigorbit.com
416-516-0705 ext 225
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
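
The settings discussed in the reply can be checked together. The sh script below is an added example, not part of the original message or of FreeBSD: it resolves rc.conf-style variables the way /etc/rc.conf overrides /etc/defaults/rc.conf and reports the conditions the reply walks through, including a securelevel of 3. The natd_enable, natd_interface and natd_flags variables, the function names and the sample files are assumptions that do not appear in the message.

```sh
#!/bin/sh
# Added example; the file contents below are constructed, not from the message.

# rc_get VAR FILE...: effective value of VAR; later files override earlier
# ones, as /etc/rc.conf overrides /etc/defaults/rc.conf.
rc_get() {
    var=$1; shift
    cat "$@" 2>/dev/null |
        sed -n "s/^[[:space:]]*$var=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" |
        tail -n 1
}

is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# audit_gateway LEVEL FILE...: one finding per line, nothing if all is well.
# LEVEL is the running securelevel (on FreeBSD: sysctl -n kern.securelevel).
audit_gateway() {
    level=$1; shift
    is_yes "$(rc_get gateway_enable "$@")" ||
        echo "gateway_enable is not YES: packets are not forwarded"
    is_yes "$(rc_get firewall_enable "$@")" ||
        echo "firewall_enable is not YES: firewall_script is not run at boot"
    if is_yes "$(rc_get natd_enable "$@")"; then   # assumed variable, see lead-in
        [ -n "$(rc_get natd_interface "$@")" ] ||
            echo "natd_enable is YES but natd_interface is empty"
    else
        echo "natd_enable is not YES: natd has to be started by hand"
    fi
    [ "$(rc_get firewall_type "$@")" = "OPEN" ] &&
        echo "firewall_type is OPEN: NAT works, but nothing is filtered"
    [ "$level" -ge 3 ] &&
        echo "kern.securelevel is $level: ipfw rules cannot be changed"
    return 0
}

# Constructed sample: a defaults file and an rc.conf that overrides it.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'gateway_enable="NO"' 'firewall_enable="NO"' \
        'natd_enable="NO"' 'kern_securelevel="-1"' > "$dir/defaults.conf"
    printf '%s\n' 'gateway_enable="YES"' 'firewall_enable="YES"' \
        'firewall_type="OPEN"' 'natd_enable="YES"' 'natd_interface="dc1"' \
        'natd_flags="-dynamic"' > "$dir/rc.conf"
    echo "$dir"
}

d=$(make_sample)
audit_gateway 3 "$d/defaults.conf" "$d/rc.conf"
rm -rf "$d"
```

On a real gateway, pass the output of `sysctl -n kern.securelevel` as the first argument and `/etc/defaults/rc.conf /etc/rc.conf` as the files.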