Date:      Mon, 9 Dec 2002 11:26:11 -0300 (ART)
From:      Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To:        Mike <massey@rmci.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPNAT help
Message-ID:  <20021209112136.Y5604-100000@cactus.fi.uba.ar>
In-Reply-To: <000501c2a64f$e6c9fea0$2202ded8@data>

On Tue, 17 Dec 2002, Mike wrote:

> Trying to set up a small local network off of my DSL. Currently I use a
> different OS to do this but I am switching, or trying to..
>
> I am using IPNAT and have added all of the options to redo the kernel.
> options 	INET			#InterNETworking
> options 	IPFIREWALL
> options 	IPDIVERT
> options 	IPFIREWALL_VERBOSE
> options 	IPFIREWALL_VERBOSE_LIMIT=10
> options   	IPSTEALTH
> options   	TCP_RESTRICT_RST
> options 	INET6			#IPv6 communications protocols


If you use ipnat, you need "options IPFILTER", and drop all "options
IPFIREWALL*" and IPDIVERT.

>
> Recompiled and set up my firewall - Works great. Next went after ipnat
> and natd (Note some of these I do not need I think but which ones?) I
> need a clear step by step on this if someone has one.

If you use ipfilter, use ipnat. If you use ipfw, use natd.


>
> My RC.CONF with IP changed
> # -- sysinstall generated deltas -- # Sat Nov 30 16:10:02 2002
> # Created: Sat Nov 30 16:10:02 2002
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> #My ADSL router
> defaultrouter="216.0.0.33"
> ipfilter_enable="YES"
> ipnat_anabled="YES"

That should be ipnat_enable.


> natd_enable="YES"
> natd_interface="fpx0"
> natd_flags="-f /etc/natd.conf"
> gateway_enable="YES"
> hostname="myhost.myhost.us"
> ifconfig_fxp0="inet 216.0.0.35  netmask 255.255.255.248"
> ifconfig_xl0="inet 192.168.0.2  netmask 255.255.255.0"
> inetd_enable="NO"
> ipv6_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> #required for ipfw support
> firewall_enable="YES"
> #firewall_script="/etc/ipfw.rules"
> firewall_script="/etc/rc.firewall"
> firewall_type="simple"
> firewall_quiet="NO"     #change to YES once happy with rules
> firewall_logging_enable="YES"
> #extra firewalling options
> log_in_vain="YES"
> tcp_restrict_rst="YES"
> icmp_drop_redirect="YES"
>
> Next added my ipnat.conf file
>
> map fxp0 192.168.0.0/24 -> 216.222.2.35/29 portmap tcp/udp 10000:65000


By default, ipnat looks for the rules in /etc/ipnat.rules. Move the file
or tweak the ipnat_rules var in rc.conf.


Hope this helps

			Fer

>
> So pick it apart and point me in the right direction if possible. I am
> continuing to try and make it work...
>
> Thanks
>
> PS - This is my First post on anything in FreeBSD, the rest from MySQL
> to SSHD SSL Apache PHP Webmin all went great!
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
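
The checks raised in the reply above (a misspelled rc.conf knob, and mixing the ipfilter/ipnat stack with the ipfw/natd stack) can be automated; the following is an added example, not code from either poster. It also compares natd_interface against the ifconfig_ lines, which goes beyond what the reply covers. The function names, the list of known knob names and the sample file are assumptions constructed for this illustration.

```shell
# Added example (not from the thread): lint rc.conf-style text for NAT mistakes.
# Knob names are assumed from FreeBSD's /etc/defaults/rc.conf; verify on your release.
is_yes() { case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac; return 1; }

# lint_nat_conf FILE: print one finding per line; exit status = number of findings.
lint_nat_conf() {
    ipf=NO ipnat=NO natd=NO natd_if="" ifaces=" " n=0
    while IFS='=' read -r key val; do
        val=${val%%#*}                                   # strip trailing comment
        val=$(printf '%s' "$val" | tr -d '"[:space:]')   # strip quotes and blanks
        case "$key" in
            ''|\#*) continue ;;
            ipfilter_enable) ipf=$val ;;
            ipnat_enable)    ipnat=$val ;;
            natd_enable)     natd=$val ;;
            natd_interface)  natd_if=$val ;;
            ifconfig_*)      ifaces="$ifaces${key#ifconfig_} " ;;
            ipfilter_program|ipfilter_rules|ipfilter_flags) ;;   # known, not checked
            ipnat_program|ipnat_rules|ipnat_flags|natd_program|natd_flags) ;;
            ipfilter_*|ipnat_*|natd_*)
                echo "unknown knob '$key' (misspelled?)"; n=$((n+1)) ;;
        esac
    done < "$1"
    if is_yes "$ipf" && is_yes "$natd"; then
        echo "ipfilter and natd both enabled: use ipfilter+ipnat or ipfw+natd"; n=$((n+1))
    fi
    if is_yes "$ipf" && ! is_yes "$ipnat"; then
        echo "ipfilter enabled but ipnat_enable is not YES"; n=$((n+1))
    fi
    if is_yes "$natd" && [ -n "$natd_if" ]; then
        case "$ifaces" in *" $natd_if "*) ;; *)
            echo "natd_interface '$natd_if' has no ifconfig_ line"; n=$((n+1)) ;;
        esac
    fi
    return "$n"
}

# Constructed sample, modelled on the rc.conf quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ipfilter_enable="YES"
ipnat_anabled="YES"
natd_enable="YES"
natd_interface="fpx0"
ifconfig_fxp0="inet 192.0.2.35  netmask 255.255.255.248"
ifconfig_xl0="inet 192.168.0.2  netmask 255.255.255.0"
EOF
lint_nat_conf "$sample" || true
```
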

