Date: Sat, 1 May 2004 13:13:17 -0500
From: "Andras Kende" <andras@kende.com>
To: "'Paul Hoffman'" <phoffman@proper.com>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: Setting up a NAT without a firewall
Message-ID: <20040501181321.2FA1543D3F@mx1.FreeBSD.org>
In-Reply-To: <p06100510bcb97f7a686a@[10.20.30.128]>

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Paul Hoffman
Sent: Saturday, May 01, 2004 11:26 AM
To: freebsd-questions@FreeBSD.ORG
Subject: Setting up a NAT without a firewall

Greetings again. Many folks here helped me last year with my travails of setting up a FreeBSD 4.8 box as a NAT. I'm trying to reproduce that on a different box, and failing. My biggest problem seems to be the firewall, which I don't care about. That is, I just want a NAT: I don't care about blocking anything incoming or outgoing.

1) Are there directions somewhere for setting up a 4.x box as a NAT without needing to do all the firewall stuff?

2) Is this easier in 5.x? I can re-gen the box to 5.1.2 if that would be easier.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"


Something like this would work:

Create a new kernel with config:

options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT

/etc/rc.conf:

defaultrouter="123.123.123.123"
gateway_enable="YES"
natd_enable=yes
natd_interface=fxp0
natd_flags="-f /etc/rc.natd"
firewall_enable=YES
firewall_type="OPEN"
ifconfig_fxp0="inet 123.123.123.123 netmask 255.255.255.0"
ifconfig_fxp1="inet 192.168.1.2 netmask 255.255.255.0"

Open firewall is needed to do the divert:

case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add 50 divert natd all from any to any via any
        fi
        ;;
    esac
esac

Best regards,

Andras Kende
http://www.kende.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040501181321.2FA1543D3F>
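
Added example, not part of the original message or of FreeBSD's own scripts: a pre-reboot check that applies the same case patterns as the excerpt quoted in the reply to an rc.conf-style file and reports whether the divert rule would be installed. The function names, the finding strings, and the sample file (built from the settings in the message) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): predict whether the quoted
# rc.firewall excerpt would install the natd divert rule for an rc.conf file.

# Constructed sample: the NAT-related settings from the message.
sample_rc_conf() {
    cat <<'EOF'
gateway_enable="YES"
natd_enable=yes
natd_interface=fxp0
natd_flags="-f /etc/rc.natd"
firewall_enable=YES
firewall_type="OPEN"
EOF
}

# nat_check FILE: print one finding per line; return 0 only when every
# condition for the divert rule and for forwarding holds.
# The file is sourced (rc.conf is shell), so run this only on trusted files.
nat_check() (
    gateway_enable='' natd_enable='' natd_interface=''
    firewall_enable='' firewall_type=''
    . "$1" || exit 2
    rc=0
    case ${gateway_enable} in
    [Yy][Ee][Ss]) ;;
    *) echo "FAIL gateway_enable is not YES (no forwarding)"; rc=1 ;;
    esac
    case ${firewall_enable} in
    [Yy][Ee][Ss]) ;;
    *) echo "FAIL firewall_enable is not YES"; rc=1 ;;
    esac
    # Same patterns as the excerpt's two case statements.
    case ${firewall_type} in
    [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) ;;
    *) echo "FAIL firewall_type '${firewall_type}' is not OPEN or CLIENT"; rc=1 ;;
    esac
    case ${natd_enable} in
    [Yy][Ee][Ss]) ;;
    *) echo "FAIL natd_enable is not YES"; rc=1 ;;
    esac
    [ -n "${natd_interface}" ] || { echo "FAIL natd_interface is empty"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK divert rule 50 would be added (natd on ${natd_interface})"
    exit "$rc"
)

tmp=$(mktemp) && sample_rc_conf > "$tmp" && nat_check "$tmp"; rm -f "$tmp"
```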