Date: 14 Mar 2001 15:55:15 MST From: Tymanthius Rune Speak <tymanthius@usa.net> To: David Preece <davep@afterswish.com> Cc: freebsd-questions@freebsd.org Subject: Re: [Re: More NATD/IPFW woes . . . ] Message-ID: <20010314225515.26402.qmail@nwcst291.netaddress.usa.net>
As you may have guessed from my earlier response, it works now. (So why don't I jump over and use my linux box to check mail?)
Anywho . . . But I *do* have natd_enable="YES" in rc.config. I even have natd_program="/sbin/natd".
So any ideas why it doesn't start at boot? And how I can make it?
David Preece <davep@afterswish.com> wrote:
At 09:46 14/03/2001 -0700, you wrote:
>/sbin/ipfw -f flush
> " add divert natd all from any to any via ed1 #ed1 is to my INTERNAL net
> " add pass all from any to any
OK. You want to apply address translation to packets leaving the gateway machine and heading off onto the internet, so it's via ed0. I also have mine saying 'divert natd ip from' rather than 'all', couldn't tell you if this makes any difference!
More critically (as Daryl pointed out) the natd daemon isn't running. The address translation takes place in user space, not in the kernel. Since address translation typically takes place onto a low(ish) bandwidth connection this isn't a problem and even your 486 will barely notice over - say - a cable modem. Anyway, this basically means that natd should appear in your process list - and this is your biggest problem. Put this into rc.conf:
natd_enable="YES"
natd_interface="ed0"
And rebooting the box should bring up the natd process ready to be attached to the external port.
One more no brainer: Have you set the gateway (default router) for the bsd box to get onto the internet? (in rc.conf: defaultrouter="x.x.x.x")
Once you have it up and going you might want to think about the number of services you have enabled. I'm really paranoid about security (due to basically not knowing enough) and run with as few processes as possible. All it takes is a few lines in rc.conf (again):
cron_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
And you're away.
Tell us how it goes,
Dave
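The checks David's reply walks through (natd in the process list, the divert rule on the external interface rather than the LAN side, a default router in rc.conf), collected into a script. This is an added example, not code from the thread or from FreeBSD's own rc scripts. The interface names ed0 (internet) and ed1 (LAN) are the thread's and are assumptions for any other box; the sample `ipfw list` output is constructed to reproduce the original poster's mistake; the gateway_enable check is my addition, since without it the kernel will not forward packets between the two interfaces at all.

```sh
#!/bin/sh
# Added example, not code from the thread. Checks the things David's reply
# says a natd/ipfw gateway needs: natd in the process list, the divert rule
# on the EXTERNAL interface, and a default router. ed0/ed1 follow the thread
# and are assumptions elsewhere; gateway_enable is my addition, not David's.

EXT_IF="${EXT_IF:-ed0}"

# Constructed `ipfw list` output reproducing the original poster's rule set:
# the divert rule is on ed1 (the LAN side), so packets leaving via ed0 are
# never handed to natd. 8668 is natd's default divert port.
SAMPLE_BAD_RULES='00100 divert 8668 ip from any to any via ed1
00200 allow ip from any to any
65535 deny ip from any to any'

# The same rule set with the divert moved to the external interface.
SAMPLE_GOOD_RULES='00100 divert 8668 ip from any to any via ed0
00200 allow ip from any to any
65535 deny ip from any to any'

# divert_iface RULES: print the interface named by the first divert rule
# (empty if there is no divert rule at all).
divert_iface() {
    printf '%s\n' "$1" | awk '
        $2 == "divert" { for (i = 1; i <= NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# check_divert RULES IFACE: succeed only if the divert rule is on IFACE.
check_divert() {
    [ -n "$2" ] && [ "$(divert_iface "$1")" = "$2" ]
}

# rc_value FILE VAR: value of VAR="..." in an rc.conf-style file, ignoring
# leading blanks and trailing # comments; the last assignment wins, as in sh.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" 2>/dev/null | tail -n 1
}

# check_rc_conf FILE IFACE: natd enabled and bound to IFACE, a default
# router set, and forwarding turned on (gateway_enable). Values are
# compared literally, so write YES in upper case as the thread does.
check_rc_conf() {
    [ "$(rc_value "$1" natd_enable)" = "YES" ] &&
    [ "$(rc_value "$1" natd_interface)" = "$2" ] &&
    [ -n "$(rc_value "$1" defaultrouter)" ] &&
    [ "$(rc_value "$1" gateway_enable)" = "YES" ]
}

# natd_running: succeed if a natd process shows up in ps output. The bracket
# keeps grep from matching its own command line.
natd_running() {
    ps ax 2>/dev/null | grep -q '[n]atd'
}

# audit: the live version of the checks, for running on the gateway itself.
audit() {
    status=0
    natd_running || { echo "natd is not running"; status=1; }
    check_divert "$(ipfw list 2>/dev/null)" "$EXT_IF" ||
        { echo "no 'divert natd' rule via $EXT_IF"; status=1; }
    check_rc_conf /etc/rc.conf "$EXT_IF" ||
        { echo "/etc/rc.conf: need natd_enable, natd_interface=\"$EXT_IF\", defaultrouter, gateway_enable"; status=1; }
    return $status
}

# Only touch the live system when asked to; the functions above are safe to
# call on constructed input.
if [ "${1:-}" = "--live" ]; then
    audit
fi
```

Saved as, say, nat-check.sh (a name of my choosing), `sh nat-check.sh --live` on the gateway reports which of the three pieces is missing; run on the thread's configuration it would flag the divert rule, because ed1 is the LAN side and the translation has to happen where packets cross onto the internet.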
