From owner-freebsd-questions Wed Mar 14 10:25:11 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from deborah.paradise.net.nz (deborah.paradise.net.nz [203.96.152.32])
    by hub.freebsd.org (Postfix) with ESMTP id 66F2337B718
    for ; Wed, 14 Mar 2001 10:25:08 -0800 (PST)
    (envelope-from davep@afterswish.com)
Received: from duron700.afterswish.com (203-79-83-91.cable.paradise.net.nz [203.79.83.91])
    by deborah.paradise.net.nz (8.11.3/8.11.3) with ESMTP id f2EIP4U32375;
    Thu, 15 Mar 2001 07:25:04 +1300 (NZDT)
Message-Id: <5.0.2.1.1.20010315071130.0217e998@pop3.paradise.net.nz>
X-Sender: dpreece@pop3.paradise.net.nz
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Thu, 15 Mar 2001 07:25:10 +1300
To: Tymanthius Rune Speak
From: David Preece
Subject: Re: More NATD/IPFW woes . . .
Cc: freebsd-questions@freebsd.org
In-Reply-To: <20010314164606.9982.qmail@nwcst333.netaddress.usa.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 09:46 14/03/2001 -0700, you wrote:
>/sbin/ipfw -f flush
> " add divert natd all from any to any via ed1 #ed1 is to my INTERNAL
>net
> " add pass all from any to any

OK. You want to apply address translation to packets leaving the gateway machine and heading off onto the internet, so it's via ed0. I also have mine saying 'divert natd ip from' rather than 'all', couldn't tell you if this makes any difference!

More critically (as Daryl pointed out) the natd daemon isn't running. The address translation takes place in user space, not in the kernel. Since address translation typically takes place onto a low(ish) bandwidth connection this isn't a problem and even your 486 will barely notice over - say - a cable modem. Anyway, this basically means that natd should appear in your process list - and this is your biggest problem.
Put this into rc.conf:

natd_enable="YES"
natd_interface="ed0"

And rebooting the box should bring up the natd process ready to be attached to the external port.

One more no brainer: Have you set the gateway (default router) for the bsd box to get onto the internet? (in rc.conf: defaultrouter="x.x.x.x")

Once you have it up and going you might want to think about the number of services you have enabled. I'm really paranoid about security (due to basically not knowing enough) and run with as few processes as possible. All it takes is a few lines in rc.conf (again):

cron_enable="NO"
inetd_enable="NO"
portmap_enable="NO"

And you're away.

Tell us how it goes,
Dave

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
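Added example, not part of David Preece's message: an sh script that checks an rc.conf and an ipfw rules script for the points the reply raises (natd enabled, natd_interface and defaultrouter set, the divert rule on the same interface as natd_interface). The function names, the file arguments and the sample files are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check an rc.conf and an ipfw rules
# script for the points raised in the reply above.

# rc_value FILE NAME: print the last value assigned to NAME, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# divert_ifaces FILE: print the interface after "via" on each "divert natd" rule.
divert_ifaces() {
    sed -n 's/#.*//; s/.*divert[[:space:]]\{1,\}natd[[:space:]].*[[:space:]]via[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' "$1"
}

# check_nat_gateway RCCONF RULES: print each problem, return the problem count.
check_nat_gateway() {
    rc=$1; rules=$2; problems=0
    note() { echo "$1"; problems=$((problems + 1)); }
    ext=$(rc_value "$rc" natd_interface)
    case $(rc_value "$rc" natd_enable) in
        [Yy][Ee][Ss]) ;;
        *) note "natd_enable is not YES: natd will not be in the process list after boot" ;;
    esac
    [ -n "$ext" ] || note "natd_interface is not set"
    [ -n "$(rc_value "$rc" defaultrouter)" ] || note "defaultrouter is not set"
    ifaces=$(divert_ifaces "$rules")
    [ -n "$ifaces" ] || note "no 'divert natd ... via IF' rule found"
    for i in $ifaces; do
        [ "$i" = "$ext" ] || note "divert rule is via $i but natd_interface is ${ext:-unset}"
    done
    return "$problems"
}

# Constructed sample: the rule set quoted in the thread (divert via ed1)
# beside the rc.conf lines from the reply; 192.0.2.1 is a placeholder router.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/natchk.XXXXXX")
    printf '%s\n' 'natd_enable="YES"' 'natd_interface="ed0"' \
        'defaultrouter="192.0.2.1"' > "$d/rc.conf"
    printf '%s\n' '/sbin/ipfw -f flush' \
        '/sbin/ipfw add divert natd all from any to any via ed1 # internal net' \
        '/sbin/ipfw add pass all from any to any' > "$d/rules"
    n=0; check_nat_gateway "$d/rc.conf" "$d/rules" || n=$?
    rm -rf "$d"
    return "$n"
}

demo || echo "$? problem(s) found"
```

On a live gateway the same function can be pointed at /etc/rc.conf and at whatever script loads the ipfw rules.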