Date:      Thu, 15 Mar 2001 07:25:10 +1300
From:      David Preece <davep@afterswish.com>
To:        Tymanthius Rune Speak <tymanthius@usa.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: More NATD/IPFW woes . . . 
Message-ID:  <5.0.2.1.1.20010315071130.0217e998@pop3.paradise.net.nz>
In-Reply-To: <20010314164606.9982.qmail@nwcst333.netaddress.usa.net>

At 09:46 14/03/2001 -0700, you wrote:
>/sbin/ipfw -f flush
>      "     add divert natd all from any to any via ed1 #ed1 is to my INTERNAL net
>      "     add pass all from any to any

OK. You want to apply address translation to packets leaving the gateway 
machine and heading off onto the internet, so it's via ed0. I also have 
mine saying 'divert natd ip from' rather than 'all', couldn't tell you if 
this makes any difference!

More critically (as Daryl pointed out) the natd daemon isn't running. The 
address translation takes place in user space, not in the kernel. Since 
address translation typically takes place onto a low(ish) bandwidth 
connection this isn't a problem and even your 486 will barely notice over - 
say - a cable modem. Anyway, this basically means that natd should appear 
in your process list - and this is your biggest problem. Put this into rc.conf:

    natd_enable="YES"
    natd_interface="ed0"

And rebooting the box should bring up the natd process ready to be attached 
to the external port.

One more no-brainer: Have you set the gateway (default router) for the BSD 
box to get onto the internet? (in rc.conf: defaultrouter="x.x.x.x")

Once you have it up and going you might want to think about the number of 
services you have enabled. I'm really paranoid about security (due to 
basically not knowing enough) and run with as few processes as possible. 
All it takes is a few lines in rc.conf (again):

    cron_enable="NO"
    inetd_enable="NO"
    portmap_enable="NO"

And you're away.

Tell us how it goes,
Dave
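
A small audit of the checklist in this reply, as an added example that is not part of the original message: it parses an rc.conf-style file and a list of ipfw rules and reports the problems listed above (natd not enabled, divert rule on a different interface from natd, no default router, extra services). The function names, the rule-file layout (one ipfw argument list per line) and the sample data are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original thread. Audits an rc.conf-style file and
# an ipfw rule list for the points raised in the message above.

# rc_get FILE VAR: print the last value assigned to VAR (parsed, never sourced).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# audit RCCONF RULES: print one FINDING line per problem; status 0 only if clean.
audit() {
    n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }
    ext=$(rc_get "$1" natd_interface)
    case $(rc_get "$1" natd_enable) in
        [Yy][Ee][Ss]) ;;
        *) finding "natd_enable is not YES, so no natd process will be started" ;;
    esac
    [ -n "$ext" ] || finding "natd_interface is not set"
    [ -n "$(rc_get "$1" defaultrouter)" ] || finding "defaultrouter is not set"
    # The divert rule has to name the external interface natd is attached to.
    div=$(sed -n 's/.*divert [^ ]* .* via \([[:alnum:]]*\).*/\1/p' "$2" | head -n 1)
    if [ -z "$div" ]; then
        finding "no divert rule found"
    elif [ -n "$ext" ] && [ "$div" != "$ext" ]; then
        finding "divert rule is via $div but natd_interface is $ext"
    fi
    # Services the message suggests switching off on the gateway.
    for svc in cron inetd portmap; do
        case $(rc_get "$1" "${svc}_enable") in
            [Nn][Oo]) ;;
            *) finding "${svc}_enable is not set to NO in this file" ;;
        esac
    done
    [ "$n" -eq 0 ]
}

# Constructed sample: the setup as first posted (divert via ed1, natd not enabled).
demo() {
    d=$(mktemp -d)
    printf 'hostname="gateway.example"\n' > "$d/rc.conf"
    printf 'add divert natd all from any to any via ed1\n' > "$d/rules"
    audit "$d/rc.conf" "$d/rules"; status=$?
    rm -rf "$d"
    return "$status"
}
demo || echo "audit reported problems"
```

Only the file passed in is inspected, so settings inherited from the system defaults are not seen.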



