From owner-freebsd-questions Wed Mar 14 14:55:24 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from nwcst291.netaddress.usa.net (nwcst291.netaddress.usa.net [204.68.23.36]) by hub.freebsd.org (Postfix) with SMTP id 62E4F37B71C for ; Wed, 14 Mar 2001 14:55:16 -0800 (PST) (envelope-from tymanthius@usa.net)
Received: (qmail 26403 invoked by uid 60001); 14 Mar 2001 22:55:15 -0000
Message-ID: <20010314225515.26402.qmail@nwcst291.netaddress.usa.net>
Received: from 204.68.23.36 by nwcst291 for [206.27.134.197] via web-mailer() on Wed Mar 14 22:55:15 GMT 2001
Date: 14 Mar 2001 15:55:15 MST
From: Tymanthius Rune Speak
To: David Preece
Subject: Re: [Re: More NATD/IPFW woes . . . ]
Cc: freebsd-questions@freebsd.org
X-Mailer: USANET web-mailer ()
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

As you may have guessed from my earlier response, it works now. (So why don't I jump over and use my linux box to check mail?) Anywho . . .

But I *do* have natd_enable="YES" in rc.config. I even have natd_program="/sbin/natd". So any ideas why it doesn't start at boot? And how I can make it?

David Preece wrote:

> At 09:46 14/03/2001 -0700, you wrote:
> >/sbin/ipfw -f flush
> > " add divert natd all from any to any via ed1 #ed1 is to my INTERNAL
> >net
> > " add pass all from any to any
>
> OK. You want to apply address translation to packets leaving the gateway machine and heading off onto the internet, so it's via ed0. I also have mine saying 'divert natd ip from' rather than 'all', couldn't tell you if this makes any difference!
>
> More critically (as Daryl pointed out) the natd daemon isn't running. The address translation takes place in user space, not in the kernel. Since address translation typically takes place onto a low(ish) bandwidth connection this isn't a problem and even your 486 will barely notice over - say - a cable modem. Anyway, this basically means that natd should appear in your process list - and this is your biggest problem. Put this into rc.conf:
>
> natd_enable="YES"
> natd_interface="ed0"
>
> And rebooting the box should bring up the natd process ready to be attached to the external port.
>
> One more no brainer: Have you set the gateway (default router) for the bsd box to get onto the internet? (in rc.conf: defaultrouter="x.x.x.x")
>
> Once you have it up and going you might want to think about the number of services you have enabled. I'm really paranoid about security (due to basically not knowing enough) and run with as few processes as possible. All it takes is a few lines in rc.conf (again):
>
> cron_enable="NO"
> inetd_enable="NO"
> portmap_enable="NO"
>
> And you're away. Tell us how it goes,
>
> Dave
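The following script is an added example and is not part of this thread or of FreeBSD itself. It writes out the rc.conf fragment and ipfw rules the reply describes (the divert rule on the external interface ed0, a defaultrouter line) and checks a given rc.conf for the variables natd needs before it will be started at boot. The two-line rc.conf it inspects is a constructed sample modelled on the one the poster describes; the check that firewall_enable must also be "YES" rests on the assumption, noted in the comments, that the 4.x-era /etc/rc.network only starts natd from its firewall section. Interface names and the 192.0.2.1 gateway address are illustrative values.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD.
# Assumption: the 4.x-era /etc/rc.network only starts natd from its
# firewall section, so firewall_enable="YES" is needed next to
# natd_enable="YES" for natd to appear in the process list after a reboot.

# rc.conf lines for NAT on external interface $1 with default router $2.
nat_rc_conf() {
    printf '%s\n' \
        "gateway_enable=\"YES\"" \
        "defaultrouter=\"$2\"" \
        "firewall_enable=\"YES\"" \
        "firewall_type=\"open\"" \
        "natd_enable=\"YES\"" \
        "natd_interface=\"$1\""
}

# ipfw rules: the divert rule must name the interface facing the internet
# ($1), not the LAN interface, or natd never sees the outbound packets.
nat_ipfw_rules() {
    printf '%s\n' \
        "/sbin/ipfw -f flush" \
        "/sbin/ipfw add divert natd ip from any to any via $1" \
        "/sbin/ipfw add pass all from any to any"
}

# True if file $3 contains a line of the form  $1="$2"
rc_has() {
    grep -q "^$1=\"$2\"" "$3"
}

# Print the rc.conf variables natd needs that are absent from file $1
# (space separated); return 0 when nothing is missing, 1 otherwise.
check_rc_conf() {
    missing=""
    rc_has gateway_enable YES "$1"  || missing="$missing gateway_enable"
    rc_has firewall_enable YES "$1" || missing="$missing firewall_enable"
    rc_has natd_enable YES "$1"     || missing="$missing natd_enable"
    grep -q '^natd_interface="[a-z]*[0-9]*"' "$1" || missing="$missing natd_interface"
    grep -q '^defaultrouter="[0-9.]*"' "$1"       || missing="$missing defaultrouter"
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample rc.conf: natd_enable is set, but nothing else is,
# which is the situation the poster describes.
SAMPLE_RC=$(mktemp)
cat > "$SAMPLE_RC" <<'EOF'
natd_enable="YES"
natd_program="/sbin/natd"
EOF

MISSING=$(check_rc_conf "$SAMPLE_RC") || {
    echo "natd will not start at boot; missing from rc.conf: $MISSING"
    echo "Add to rc.conf:"
    nat_rc_conf ed0 192.0.2.1
    echo "Load these rules (external interface is ed0):"
    nat_ipfw_rules ed0
}
```

Run it as an ordinary sh script; it only prints what would go into rc.conf and what ipfw would be told, it never touches /etc/rc.conf or calls ipfw. Point check_rc_conf at a real rc.conf to see which of the five variables is absent.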