From owner-freebsd-questions Mon Dec 9 0:58:38 2002
Message-ID: <3DF45AF2.8000008@401.cx>
Date: Mon, 09 Dec 2002 09:57:22 +0100
From: "Roger 'Rocky' Vetterberg"
To: Mike
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPNAT help
References: <000501c2a64f$e6c9fea0$2202ded8@data>

Mike wrote:
> Trying to setup a small local network off of my DSL. Currently I use a
> different OS to do this but I am switching, or trying to..
>
> I am using IPNAT and have added all of the options to redo the kernel.
> options INET #InterNETworking
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPSTEALTH
> options TCP_RESTRICT_RST
> options INET6 #IPv6 communications protocols
>
> Recompiled and setup my firewall - Works great. Next went after ipnat
> and natd (Note some of these I do not need I think but which ones?) I
> need a clear step by step on this if someone has one.
>
> My RC.CONF with IP changed
> # -- sysinstall generated deltas -- # Sat Nov 30 16:10:02 2002
> # Created: Sat Nov 30 16:10:02 2002
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> #My ADSL router
> defaultrouter="216.0.0.33"
> ipfilter_enable="YES"
> ipnat_anabled="YES"
> natd_enable="YES"
> natd_interface="fpx0"
> natd_flags="-f /etc/natd.conf"
> gateway_enable="YES"
> hostname="myhost.myhost.us"
> ifconfig_fxp0="inet 216.0.0.35 netmask 255.255.255.248"
> ifconfig_xl0="inet 192.168.0.2 netmask 255.255.255.0"
> inetd_enable="NO"
> ipv6_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> #required for ipfw support
> firewall_enable="YES"
> #firewall_script="/etc/ipfw.rules"
> firewall_script="/etc/rc.firewall"
> firewall_type="simple"
> firewall_quiet="NO" #change to YES once happy with rules
> firewall_logging_enable="YES"
> #extra firewalling options
> log_in_vain="YES"
> tcp_restrict_rst="YES"
> icmp_drop_redirect="YES"
>
> Next added my ipnat.conf file
>
> map fxp0 192.168.0.0/24 -> 216.222.2.35/29 portmap tcp/udp 10000:65000
>
> So pick it apart and point me in the right direction if possible. I am
> continuing to try and make it work...
>
> Thanks
>
> PS - This is my First post on anything in FreeBSD, the rest from MySQL
> to SSHD SSL Apache PHP Webmin all went great!

You do not need both ipnat and natd. Ipnat is ipfilter's way of doing
nat, while natd is the ipfw way. If you run ipfilter, you run ipnat. If
you choose ipfw, you're stuck with ipfw. You can, if you want, run both
ipfilter and ipfw, but you probably should try to get one of them going
first before attempting anything like that. My advice is pick one, ipnat
or natd, and remove the other.
--
R
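
The pairing described in the reply (ipnat with ipfilter, natd with ipfw) can be checked mechanically before a reboot. The following sh script is an added example, not part of the original thread; the function names and the sample rc.conf are constructed, and it reads a single file rather than the full rc.conf chain.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# rc_get FILE KEY: print the last value assigned to KEY, quotes stripped.
# Simplification: reads one file only, ignores /etc/defaults/rc.conf.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# rc.conf knobs count as enabled for YES, TRUE, ON or 1 in any case.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# nat_stacks FILE: print ipfilter, ipfw, both or none, depending on
# which filter/NAT pair the file switches on.
nat_stacks() {
    ipf=no; ipfw=no
    for k in ipfilter_enable ipnat_enable; do
        if is_yes "$(rc_get "$1" "$k")"; then ipf=yes; fi
    done
    for k in firewall_enable natd_enable; do
        if is_yes "$(rc_get "$1" "$k")"; then ipfw=yes; fi
    done
    case "$ipf/$ipfw" in
        yes/yes) echo both ;;
        yes/no)  echo ipfilter ;;
        no/yes)  echo ipfw ;;
        *)       echo none ;;
    esac
}

# Constructed sample modelled on the quoted question: both pairs enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
firewall_enable="YES"   # ipfw
natd_enable="YES"
natd_interface="fxp0"
EOF
echo "enabled: $(nat_stacks "$sample")"
rm -f "$sample"
```

A result of `both` is the situation the reply advises against for a first setup; commented-out lines and misspelled knob names are not counted as enabled.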