From: "Andras Kende"
To: "'Paul Hoffman'"
Date: Sat, 1 May 2004 13:13:17 -0500
Subject: RE: Setting up a NAT without a firewall
Message-Id: <20040501181321.2FA1543D3F@mx1.FreeBSD.org>

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Paul Hoffman
Sent: Saturday, May 01, 2004 11:26 AM
To: freebsd-questions@FreeBSD.ORG
Subject: Setting up a NAT without a firewall

Greetings again. Many folks here helped me last year with my travails of setting up a FreeBSD 4.8 box as a NAT. I'm trying to reproduce that on a different box, and failing. My biggest problem seems to be the firewall, which I don't care about. That is, I just want a NAT: I don't care about blocking anything incoming or outgoing.

1) Are there directions somewhere for setting up a 4.x box as a NAT without needing to do all the firewall stuff?

2) Is this easier in 5.x? I can re-gen the box to 5.1.2 if that would be easier.


Something like this would work:

Create a new kernel with config:

    options IPFIREWALL
    options IPFIREWALL_FORWARD
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100
    options IPDIVERT

/etc/rc.conf:

    defaultrouter="123.123.123.123"
    gateway_enable="YES"
    natd_enable=yes
    natd_interface=fxp0
    natd_flags="-f /etc/rc.natd"
    firewall_enable=YES
    firewall_type="OPEN"
    ifconfig_fxp0="inet 123.123.123.123 netmask 255.255.255.0"
    ifconfig_fxp1="inet 192.168.1.2 netmask 255.255.255.0"

Open firewall is needed to do the divert:

    case ${firewall_type} in
    [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
        case ${natd_enable} in
        [Yy][Ee][Ss])
            if [ -n "${natd_interface}" ]; then
                ${fwcmd} add 50 divert natd all from any to any via any
            fi
            ;;
        esac
    esac

Best regards,

Andras Kende
http://www.kende.com
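
An added example, not part of Andras Kende's message: a small sh script that checks an rc.conf for the settings the reply lists, using the conditions visible in the quoted rc.firewall fragment. The function names (rc_get, is_yes, check_nat_conf, write_sample_conf) are made up for this example, and the sample file is constructed from the values in the reply.

```shell
#!/bin/sh
# Added example: sanity-check an rc.conf for the natd settings listed above.

# rc_get FILE VAR: print the last value assigned to VAR, surrounding quotes removed.
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# is_yes VALUE: the rc fragment matches YES case-insensitively, so natd_enable=yes counts.
is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# check_nat_conf FILE: print each problem; the return status is the problem count.
check_nat_conf() {
    conf=$1 problems=0
    for var in gateway_enable natd_enable firewall_enable; do
        if ! is_yes "$(rc_get "$conf" "$var")"; then
            echo "MISSING: $var is not YES"; problems=$((problems + 1))
        fi
    done
    iface=$(rc_get "$conf" natd_interface)
    if [ -z "$iface" ]; then
        echo "MISSING: natd_interface is empty, divert rule 50 is not added"
        problems=$((problems + 1))
    elif [ -z "$(rc_get "$conf" "ifconfig_$iface")" ]; then
        echo "MISSING: no ifconfig_$iface line for the NAT interface"
        problems=$((problems + 1))
    fi
    case "$(rc_get "$conf" firewall_type)" in
        [Oo][Pp][Ee][Nn]) echo "NOTE: OPEN passes all traffic; the box translates but does not filter" ;;
        [Cc][Ll][Ii][Ee][Nn][Tt]) ;;
        *) echo "MISSING: firewall_type is not OPEN or CLIENT, divert rule 50 is not added"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# write_sample_conf FILE: constructed sample, copied from the rc.conf in the reply.
write_sample_conf() {
    cat > "$1" <<'EOF'
gateway_enable="YES"
natd_enable=yes
natd_interface=fxp0
natd_flags="-f /etc/rc.natd"
firewall_enable=YES
firewall_type="OPEN"
ifconfig_fxp0="inet 123.123.123.123 netmask 255.255.255.0"
EOF
}

demo=$(mktemp) && write_sample_conf "$demo" && check_nat_conf "$demo"; rm -f "$demo"
```

On a real box, call check_nat_conf /etc/rc.conf; a non-zero exit status is the number of settings still missing.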