Date: Mon, 9 Dec 2002 11:26:11 -0300 (ART)
From: Fernando Gleiser
To: Mike
Cc: freebsd-questions@freebsd.org
Subject: Re: IPNAT help

On Tue, 17 Dec 2002, Mike wrote:

> Trying to setup a small local network off of my DSL. Currently I use a
> different OS to do this but I am switching, or trying to..
>
> I am using IPNAT and have added all of the options to redo the kernel.
> options INET #InterNETworking
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPSTEALTH
> options TCP_RESTRICT_RST
> options INET6 #IPv6 communications protocols

If you use ipnat, you need "options IPFILTER", and drop all
"options IPFIREWALL*" and IPDIVERT.

>
> Recompiled and setup my firewall - Works great. Next went after ipnat
> and natd (Note some of these I do not need I think but which ones?) I
> need a clear step by step on this if someone has one.

If you use ipfilter, use ipnat. If you use ipfw, use natd.
>
> My RC.CONF with IP changed
> # -- sysinstall generated deltas -- # Sat Nov 30 16:10:02 2002
> # Created: Sat Nov 30 16:10:02 2002
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> #My ADSL router
> defaultrouter="216.0.0.33"
> ipfilter_enable="YES"
> ipnat_anabled="YES"

That should be ipnat_enable.

> natd_enable="YES"
> natd_interface="fpx0"
> natd_flags="-f /etc/natd.conf"
> gateway_enable="YES"
> hostname="myhost.myhost.us"
> ifconfig_fxp0="inet 216.0.0.35 netmask 255.255.255.248"
> ifconfig_xl0="inet 192.168.0.2 netmask 255.255.255.0"
> inetd_enable="NO"
> ipv6_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> #required for ipfw support
> firewall_enable="YES"
> #firewall_script="/etc/ipfw.rules"
> firewall_script="/etc/rc.firewall"
> firewall_type="simple"
> firewall_quiet="NO" #change to YES once happy with rules
> firewall_logging_enable="YES"
> #extra firewalling options
> log_in_vain="YES"
> tcp_restrict_rst="YES"
> icmp_drop_redirect="YES"
>
> Next added my ipnat.conf file
>
> map fxp0 192.168.0.0/24 -> 216.222.2.35/29 portmap tcp/udp 10000:65000

By default, ipnat looks for the rules in /etc/ipnat.rules. Move the file or
tweak the ipnat_rules var in rc.conf.

Hope this helps

Fer

>
> So pick it apart and point me in the right direction if possible. I am
> continuing to try and make it work...
>
> Thanks
>
> PS - This is my First post on anything in FreeBSD, the rest from MySQL
> to SSHD SSL Apache PHP Webmin all went great!
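
The three corrections in the reply above (the misspelled ipnat_enable, ipfilter paired with natd, and the rules file not being at /etc/ipnat.rules) can be checked mechanically. The script below is an added example, not part of the original thread: the helper names and the scratch directory are hypothetical, the sample rc.conf is constructed from lines quoted in the thread, and the list of valid ipnat_* names is assumed from /etc/defaults/rc.conf.

```shell
#!/bin/sh
# Added example: lint an rc.conf for the three NAT mistakes raised in this thread.
# knob, is_yes and check_nat_conf are hypothetical helper names, not FreeBSD tools.

knob() {  # print the last value assigned to variable $2 in rc.conf file $1
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

is_yes() {  # true when variable $2 in file $1 is set to YES (any case)
    case $(knob "$1" "$2") in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

check_nat_conf() {  # $1 = rc.conf, $2 = directory standing in for / (default: real root)
    conf=$1 root=${2:-}
    # 1. An unrecognised ipnat_* name is only an unused shell variable to rc.
    sed -n 's/^[[:space:]]*\(ipnat_[A-Za-z0-9_]*\)=.*/\1/p' "$conf" | while read -r name; do
        case $name in
            ipnat_enable|ipnat_program|ipnat_rules|ipnat_flags) ;;
            *) echo "UNKNOWN_KNOB $name" ;;
        esac
    done
    # 2. ipfilter pairs with ipnat, ipfw pairs with natd; flag a crossed pairing.
    if is_yes "$conf" ipfilter_enable && is_yes "$conf" natd_enable; then
        echo "MIXED_NAT ipfilter_enable with natd_enable"
    fi
    # 3. The rules file must be where ipnat_rules (default /etc/ipnat.rules) points.
    if is_yes "$conf" ipfilter_enable; then
        rules=$(knob "$conf" ipnat_rules)
        rules=${rules:-/etc/ipnat.rules}
        [ -f "$root$rules" ] || echo "MISSING_RULES $rules"
    fi
}

# Constructed sample: the relevant rc.conf lines from the thread, in a scratch root.
SAMPLE_ROOT=$(mktemp -d)
trap 'rm -rf "$SAMPLE_ROOT"' EXIT
mkdir -p "$SAMPLE_ROOT/etc"
cat > "$SAMPLE_ROOT/etc/rc.conf" <<'EOF'
ipfilter_enable="YES"
ipnat_anabled="YES"
natd_enable="YES"
natd_interface="fpx0"
firewall_enable="YES"
EOF
: > "$SAMPLE_ROOT/etc/ipnat.conf"   # rules saved under the name used in the thread

check_nat_conf "$SAMPLE_ROOT/etc/rc.conf" "$SAMPLE_ROOT"
```

On a real system, run `check_nat_conf /etc/rc.conf` with no second argument so paths resolve against the real root.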