Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 05 Jul 2001 18:36:36 GMT
From:      "Lanny Baron" <lnb@FreeBSDsystems.COM>
To:        Victor M <vit@email.orgus.ru>
Cc:        questions@freebsd.org
Subject:   Re: natd
Message-ID:  <20010705183636.37872.qmail@panda.freebsdsystems.com>
In-Reply-To: <Pine.BSF.4.21.0107052207510.31023-100000@email.orgus.ru> 
References:  <Pine.BSF.4.21.0107052207510.31023-100000@email.orgus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello Victor,
Lets assume your public NIC is fxp0. In /etc/rc.conf you would have:
firewall_enable=YES
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-unregistered_only -use_sockets -same_ports"
gateway_enable=YES 

The above firewall type is open, meaning you don't have much in the way of 
firewall rules. This is just for straight 'n' easy natd. 

As well you would have ipdivert and firewall loaded.
and your kernel would have: 

options IPFIREWALL
options IPDIVERT 

In your /etc/rc.firewall you would have lines near the top like:
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via fxp0
/sbin/ipfw add pass all from any to any 

 --Lanny 

Victor M writes: 

> I have a FreeBSD box working as a terminal server for the dialup users and
> proxy for my internal network at the same time.
> Dialer users use the real IP addresses while LAN users have the imaginary
> IP addresses and use natd to access outside.
> By default natd maps everything going through to the real IP address of
> the output interface, say ppp0 in my case.
> How can I configure natd to map only addresses of the imaginary network
> while the dialers keep using the real ones. 
> 
> Thank You.
> Victor. 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
 


~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
Lanny Baron
And he said, Let there be light,
and FreeBSD was created and he saw
it was GOOD. He said,
Hey Kids Rock 'N' Roll FreeBSD!
servers with the power to Serve
http://www.FreeBSDsystems.com
1.877.963.1900 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010705183636.37872.qmail>