From owner-freebsd-questions Mon Aug 3 00:32:39 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA11776 for freebsd-questions-outgoing; Mon, 3 Aug 1998 00:32:39 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from ss454.dyn.ml.org (putc7159010.cts.com [204.216.159.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA11771 for ; Mon, 3 Aug 1998 00:32:34 -0700 (PDT) (envelope-from michaelr@ss454.dyn.ml.org)
Received: from localhost (michaelr@localhost) by ss454.dyn.ml.org (8.8.8/8.8.8) with SMTP id AAA00217; Mon, 3 Aug 1998 00:32:35 -0700 (PDT) (envelope-from michaelr@ss454.dyn.ml.org)
Date: Mon, 3 Aug 1998 00:32:34 -0700 (PDT)
From: Mike Reeh
To: Evren Yurtesen
cc: "David W. Curry" , FreeBSD Questions
Subject: Re: I am running out of hope for hatd or any proxy at that!
In-Reply-To: <35C50131.4067114C@turkey.ispro.net.tr>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Why are you telling me this? I'm using kernel-level ppp (pppd) not
userland 'ppp'

thanks for the quote on the ppp man page btw.. i dont think i could have
figured it out myself.

mike reeh

On Mon, 3 Aug 1998, Evren Yurtesen wrote:

> hello
> actually you do not need to use natd with ppp!
> there is a lot easier way to do ip masquerading!
> here is a caption from;
> man ppp
>
> Supports packet aliasing. Packet aliasing (a.k.a. IP masquerading) al-
> lows computers on a private, unregistered network to access the Internet.
> The PPP host acts as a masquerading gateway. IP addresses as well as TCP
> and UDP port numbers are aliased for outgoing packets and de-aliased for
> returning packets.
>
> also near the end of the man page
>
> PACKET ALIASING
> The -alias command line option enables packet aliasing. This allows the
> ppp host to act as a masquerading gateway for other computers over a lo-
> cal area network. Outgoing IP packets are aliased so that they appear to
> come from the ppp host, and incoming packets are de-aliased so that they
> are routed to the correct machine on the local area network. Packet
> aliasing allows computers on private, unregistered subnets to have Inter-
> net access, although they are invisible from the outside world. In gen-
> eral, correct ppp operation should first be verified with packet aliasing
> disabled. Then, the -alias option should be switched on, and network ap-
> plications (web browser, telnet(1), ftp(1), ping(8), traceroute(8))
> should be checked on the ppp host. Finally, the same or similar applica-
> tions should be checked on other computers in the LAN. If network appli-
> cations work correctly on the ppp host, but not on other machines in the
> LAN, then the masquerading software is working properly, but the host is
> either not forwarding or possibly receiving IP packets. Check that IP
> forwarding is enabled in /etc/rc.conf and that other machines have desig-
> nated the ppp host as the gateway for the LAN.
>
>
> Mike Reeh wrote:
>
> > This is what I've done to setup natd on my lan to allow the internal
> > machines see the rest of the internet, several times successfully.. i'll
> > try to remember everything.
> >
> > First things first, build your kernel with:
> >
> > options IPFIREWALL
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > options IPDIVERT
> >
> > now, default to accept isnt necessary but i'd use it just to be safe....
> > after you build your kernel, do a quick edit of your /etc/rc.conf and
> > change these values:
> >
> > firewall_enable="YES"
> > firewall_type="/etc/rc.firewall"
> > gateway_enable="YES"
> >
> > firewall_type is now pointing to another file named /etc/rc.firewall which
> > is something i made up so dont expect to figure that one out.. now what
> > you need to do is open an editor (vi, ee, joe, pico, etc) on your
> > /etc/rc.firewall file (will be a new file) and enter these lines, which i
> > happened to have taken directly from the natd man page, but work
> > perfectly:
> >
> > /sbin/ipfw -f flush
> > /sbin/ipfw add divert natd all from any to any via ppp0
> > /sbin/ipfw add pass all from any to any
> >
> > ppp0 is what you need to change to your public network interface.. for me,
> > i unfortunately dont have ether to the internet, i have a lousy dialup ppp
> > connection, but it works.. if you have ethernet, use the interface (i.e.
> > de0, ed0, etc) that actually talks to the internet.
> >
> > now you need to edit your /etc/services file.... you need to add a
> > separate line with this in it:
> >
> > natd 8668/divert #NATD
> >
> > next is for your natd rules.... for this i used a file called
> > /etc/natd.conf in which i have the following lines:
> >
> > use_sockets
> > same_ports
> > interface ppp0
> >
> > again, use the same interface that you did with your /etc/rc.firewall (its
> > the PUBLIC network interface)
> >
> > ok now we're getting close... what i did then was edit my /etc/rc.local to
> > start up natd automagically... i did it by modifying the "starting local
> > daemons" part.. i dont remember exactly what it looked like before but
> > this is what it looks like now:
> >
> > echo -n 'starting local daemons:'
> > echo -n ' natd' ; /usr/sbin/natd -f /etc/natd.conf
> >
> > as you can see it starts natd with the options file (-f) /etc/natd.conf .
> > If all goes well it should fork :) and not leave you hanging. if it does
> > just ^C it on bootup but you shouldnt have to worry about that..
> >
> > with all this information, im making a huge assumption that you have your
> > ifconfig's all setup w/ the right netmask, and ip address' and whatnot.
> >
> > the only other thing that i did was make the gateway on the local machines
> > the same as the IP# of the natd machine..
> >
> > one last quick reboot w/ your new kernel and all your new settings, and
> > you should be good to go.. also dont forget to set the DNS ip's on the
> > local machines to whatever your natd machine uses...
> >
> > good luck and let me know if it worked :) if it did i'll show you some
> > other settings i use to let me telnet into the local machines on special
> > ports from the internet, etc....
> >
> > Mike Reeh
> > michaelr@ss454.dyn.ml.org
> > breadfan
> >
> > On Sat, 1 Aug 1998, David W. Curry wrote:
> >
> > > Well, I'm on day 5 now of trying to configure natd as a proxy server for my LAN. I guess I just need step-by-step instruction because I have read every man file and web page on it I can find. Maybe I am just slow :)
> > >
> > > Anyway, I have a BSD Unix Box that I use to dial-up to my ISP (primenet). I dial directly into my unix shell account. My Win95 box is on a network (192.168.200.2) with my BSD Box. I can telnet and ping to the Unix box NP. I want to set up BSD as a proxy for my 95 Machine. Can anyone maybe ask me some specific questions about my systems and tell me how to set up my client and server?
> > >
> > > Any help would be appreciated.
> > >
> > > Thank you,
> > >
> > > Dave
> > >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
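
The natd procedure quoted in the thread above spreads one setting (the public interface) and one service name across four files, so a cross-check of those files catches the usual slip. This is an added example, not part of the original messages; the function names `natd_audit` and `write_sample` and the root-directory layout are assumptions of the example, and the sample files are constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Added example: cross-check the files touched by the natd procedure above.
# $1 is a root directory holding copies of etc/rc.conf, etc/rc.firewall,
# etc/natd.conf and etc/services. Prints one finding per line.
natd_audit() {
    rc="$1/etc/rc.conf" fw="$1/etc/rc.firewall"
    nc="$1/etc/natd.conf" sv="$1/etc/services"
    for key in firewall_enable gateway_enable; do
        grep -Eq "^$key=\"?YES\"?[[:space:]]*$" "$rc" ||
            echo "rc.conf: $key is not YES"
    done
    # The divert rule refers to the port by name, so services must map it.
    grep -Eq '^natd[[:space:]]+8668/divert' "$sv" ||
        echo "services: no natd 8668/divert entry"
    # natd and the divert rule must name the same public interface.
    nat_if=$(awk '$1 == "interface" { print $2; exit }' "$nc")
    fw_if=$(awk '/divert[ \t]+natd/ {
        for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit }
    }' "$fw")
    [ -n "$nat_if" ] || echo "natd.conf: no interface line"
    [ -n "$fw_if" ] || echo "rc.firewall: no 'divert natd ... via IF' rule"
    if [ -n "$nat_if" ] && [ -n "$fw_if" ] && [ "$nat_if" != "$fw_if" ]; then
        echo "mismatch: natd.conf uses $nat_if, divert rule uses $fw_if"
    fi
    # An unconditional pass rule means the gateway filters nothing.
    pass='add[[:space:]]+pass[[:space:]]+all[[:space:]]+from[[:space:]]+any'
    grep -Eq "$pass[[:space:]]+to[[:space:]]+any[[:space:]]*\$" "$fw" &&
        echo "rc.firewall: pass all from any to any (no filtering)"
    return 0
}

# Constructed sample: the thread's files, with a chosen natd.conf interface.
write_sample() {   # $1 = root dir, $2 = interface for natd.conf
    mkdir -p "$1/etc"
    printf '%s\n' 'firewall_enable="YES"' 'firewall_type="/etc/rc.firewall"' \
        'gateway_enable="YES"' > "$1/etc/rc.conf"
    printf '%s\n' '/sbin/ipfw -f flush' \
        '/sbin/ipfw add divert natd all from any to any via ppp0' \
        '/sbin/ipfw add pass all from any to any' > "$1/etc/rc.firewall"
    printf '%s\n' 'natd 8668/divert #NATD' > "$1/etc/services"
    printf '%s\n' use_sockets same_ports "interface $2" > "$1/etc/natd.conf"
}

demo=$(mktemp -d) && write_sample "$demo" ed0 && natd_audit "$demo"
rm -rf "$demo"
```

Run against copies of the real files by passing the directory that contains the `etc/` copies to `natd_audit`; empty output means the four files agree and no unconditional pass rule was found.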