Date: Sat, 1 Sep 2001 07:26:05 -0700
From: "Kulraj Gurm (bosa.ca Account)" <kulraj@bosa.ca>
To: "Kenneth W Cochran" <kwc@world.std.com>, <freebsd-questions@freebsd.org>
Subject: Re: NAT with >1 gateway interface
Message-ID: <001001c132f2$097324e0$0ac8a8c0@kimsamy.com>
References: <200109011358.JAA09511@world.std.com>
> How do I "properly" set up NAT on a system that "transmits"
> and "receives" on different interfaces?

This is what I do:

Entries in kernel config file:

#IP Packet Filtering FireWall/NAT
options IPFIREWALL                      # IP Firewall support
options IPFIREWALL_FORWARD              # enable transparent proxy su
options IPFIREWALL_VERBOSE_LIMIT=1000   # limit verbosity
options IPDIVERT                        # Network Address Translation
#options DUMMYNET
#options BRIDGE

Entries in rc.conf:

#Firewall
firewall_enable="YES"       # Set to YES to enable firewall functionality
firewall_type="open"        # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"         # Set to YES to suppress rule display
natd_enable="YES"           # Enable natd (if firewall_enable == YES).
natd_interface="fxp0"       # Public interface to use with natd.
natd_flags="-l -s -m -u"    # Additional flags for

That should be all you need.

Regards,
Kulraj

----- Original Message -----
From: "Kenneth W Cochran" <kwc@world.std.com>
To: <freebsd-net@freebsd.org>; <freebsd-questions@freebsd.org>
Sent: Saturday, September 01, 2001 6:58 AM
Subject: NAT with >1 gateway interface

> Hello:
>
> How do I "properly" set up NAT on a system that "transmits"
> and "receives" on different interfaces?
>
> Briefly - Machine A receives on fxp0 & transmits on ppp0.
> I'd like to use a 2nd Ethernet on Machine A (fxp1) for the
> "NAT"ed/masqueraded network.
>
> Scenario:
>
> Machine A:
> - Running RELENG_4 as of 2001/08/28, scheduled to update again
>   2001/09/01 (thus one reason I'm asking on -stable :).
> - Connected to a "hybrid" aka "1-way" cable-modem,
> - "Receives" via cablemodem/Ethernet (fxp0, config'ed as 10.0.0.11/24)
> - "Transmits/outgoing" is via analog dial-modem & ppp(d).
> - "Real" ip-address is established by (kernel) pppd (ppp0),
>   and is "officially" dynamic, even though it always (at least
>   right now) gets the same ip-address.
> - Runs cache-only nameserver.
> - Has been running in this manner for about 1.5 years.
> - (recently) Has 2nd NIC (fxp1), connected to hub for private network.
>
> Machine B:
> - Has private ip-address on "its" fxp0.
> - Connected via hub to 2nd NIC (fxp1) on Machine A.
>
> I've followed the instructions from the Handbook, Section
> 18.10, Network Address Translation.
>
> Machines A & B can talk to each other; I can ping & ssh from/to
> either one. Machine A communicates "outside" (with the
> Internet) as usual, but Machine B cannot.
>
> I'm thinking something needs to be tweaked in the ipfw and/or
> natd-config(s). Suggestions? Also, where would be the best place(s)
> to put these "customizations" (for example, so as to not be any
> more "disruptive" than necessary to the base-OS configs)?
>
> Of course, FAQ/-doc/readme pointers are quite welcome. :)
> Please cc replies to me.
>
> Many thanks,
>
> -kc
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
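An added example, not part of the original message or of FreeBSD itself: a small sh audit of the rc.conf entries given in the reply above, reporting what that combination leaves unfiltered. It goes slightly beyond the reply by also checking for natd's -deny_incoming and -dynamic options. The helper names rc_get, has_flag and audit_rc_conf are hypothetical, and the sample file is constructed from the reply's lines.

```sh
#!/bin/sh
# Added example: audit the rc.conf firewall/natd entries quoted in the reply.
# rc_get, has_flag and audit_rc_conf are hypothetical helpers, not FreeBSD tools.

# Print the last value assigned to variable $2 in file $1 (parsed, never sourced).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed if natd option $1 appears as a separate word in the flag string $2.
has_flag() {
    for f in $2; do [ "$f" = "$1" ] && return 0; done
    return 1
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_rc_conf() {
    fw=$(rc_get "$1" firewall_enable); fwtype=$(rc_get "$1" firewall_type)
    natd=$(rc_get "$1" natd_enable);   flags=$(rc_get "$1" natd_flags)
    ifc=$(rc_get "$1" natd_interface); rc=0
    if [ "$natd" = "YES" ] && [ "$fw" != "YES" ]; then
        echo "NATD_NOT_STARTED: natd_enable needs firewall_enable=YES"; rc=1
    fi
    if [ "$fw" = "YES" ] && [ "$fwtype" = "open" ]; then
        echo "OPEN_RULESET: firewall_type=open loads a pass-everything ipfw ruleset"; rc=1
    fi
    if [ "$natd" = "YES" ]; then
        if ! has_flag -d "$flags" && ! has_flag -deny_incoming "$flags"; then
            echo "NO_DENY_INCOMING: natd does not drop inbound packets with no translation entry"; rc=1
        fi
        if [ -n "$ifc" ] && ! has_flag -dynamic "$flags"; then
            echo "NO_DYNAMIC: alias address on $ifc is not updated if the address changes"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample: the rc.conf entries from the reply above.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
firewall_enable="YES"       # Set to YES to enable firewall functionality
firewall_type="open"        # Firewall type (see /etc/rc.firewall)
natd_enable="YES"           # Enable natd (if firewall_enable == YES).
natd_interface="fxp0"       # Public interface to use with natd.
natd_flags="-l -s -m -u"    # Additional flags for
EOF
audit_rc_conf "$sample" || true
```

Run against a real /etc/rc.conf by passing its path to audit_rc_conf; the file is only read, never sourced.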