Date:      Sat, 1 Sep 2001 11:12:16 -0400 (EDT)
From:      Kenneth W Cochran <kwc@world.std.com>
To:        "Kulraj Gurm (bosa.ca Account)" <kulraj@bosa.ca>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: NAT with >1 gateway interface
Message-ID:  <200109011512.LAA29975@world.std.com>
References:  <200109011358.JAA09511@world.std.com>

Thanks, but with the exception of the following:
    natd_flags="-l -s -m -u"

everything is as documented in Section 18.10 of the Handbook.

You make no mention of >1 interface on the gateway system.  Is
the config you describe working with a firewall/NAT system that
uses Ethernet & dialup-kernel-ppp in a similar manner?

From the natd manpage:
-l = logging
-s = use sockets
-m = same ports
-u = unregistered only

How do any of these options affect or help a scenario as
outlined with Machine A?

-kc

>From kulraj@bosa.ca  Sat Sep  1 10:33:38 2001
>Message-ID: <001001c132f2$097324e0$0ac8a8c0@kimsamy.com>
>From: "Kulraj Gurm (bosa.ca Account)" <kulraj@bosa.ca>
>To: "Kenneth W Cochran" <kwc@world.std.com>, <freebsd-questions@freebsd.org>
>Subject: Re: NAT with >1 gateway interface
>Date: Sat, 1 Sep 2001 07:26:05 -0700
>
>> How do I "properly" set up NAT on a system that "transmits"
>> and "receives" on different interfaces?
>
>This is what I do:
>
>Entries in kernel config file:
>
>#IP Packet Filtering FireWall/NAT
>options         IPFIREWALL                    # IP Firewall support
>options         IPFIREWALL_FORWARD            # enable transparent proxy su
>options         IPFIREWALL_VERBOSE_LIMIT=1000 # limit verbosity
>options         IPDIVERT
># Network Address Translation
>#options         DUMMYNET
>#options         BRIDGE
>
>Entries in rc.conf:
>
>#Firewall
>firewall_enable="YES"     # Set to YES to enable firewall functionality
>firewall_type="open"      # Firewall type (see /etc/rc.firewall)
>firewall_quiet="NO"       # Set to YES to suppress rule display
>natd_enable="YES"         # Enable natd (if firewall_enable == YES).
>natd_interface="fxp0"                   # Public interface to use with natd.
>natd_flags="-l -s -m -u"                # Additional flags for
>
>That should be all you need.
>
>Regards,
>
>Kulraj
>
>----- Original Message -----
>From: "Kenneth W Cochran" <kwc@world.std.com>
>To: <freebsd-net@freebsd.org>; <freebsd-questions@freebsd.org>
>Sent: Saturday, September 01, 2001 6:58 AM
>Subject: NAT with >1 gateway interface
>
>> Hello:
>>
>> How do I "properly" set up NAT on a system that "transmits"
>> and "receives" on different interfaces?
>>
>> Briefly - Machine A receives on fxp0 & transmits on ppp0.
>> I'd like to use a 2nd Ethernet on Machine A (fxp1) for the
>> "NAT"ed/masqueraded network.
>>
>> Scenario:
>>
>> Machine A:
>> - Running RELENG_4 as of 2001/08/28, scheduled to update again
>>   2001/09/01 (thus one reason I'm asking on -stable :).
>> - Connected to a "hybrid" aka "1-way" cable-modem,
>> - "Receives" via cablemodem/Ethernet (fxp0, config'ed as 10.0.0.11/24)
>> - "Transmits/outgoing" is via analog dial-modem & ppp(d).
>> - "Real" ip-address is established by (kernel) pppd (ppp0),
>>   and is "officially" dynamic, even though it always (at least
>>   right now) gets the same ip-address.
>> - Runs cache-only nameserver.
>> - Has been running in this manner for about 1.5 years.
>> - (recently) Has 2nd NIC (fxp1), connected to hub for private network.
>>
>> Machine B:
>> - Has private ip-address on "its" fxp0.
>> - Connected via hub to 2nd NIC (fxp1) on Machine A.
>>
>> I've followed the instructions from the Handbook, Section
>> 18.10, Network Address Translation.
>>
>> Machines A & B can talk to each other; I can ping & ssh from/to
>> either one.  Machine A communicates "outside" (with the
>> Internet) as usual, but Machine B cannot.
>>
>> I'm thinking something needs to be tweaked in the ipfw and/or
>> natd-config(s).  Suggestions?  Also, where would be the best place(s)
>> to put these "customizations" (for example, so as to not be any
>> more "disruptive" than necessary to the base-OS configs)?
>>
>> Of course, FAQ/-doc/readme pointers are quite welcome.  :)
>> Please cc replies to me.
>>
>> Many thanks,
>>
>> -kc
