Date: Mon, 05 Jul 2004 20:07:06 +0900
From: Luke Kearney
To: Brett Wiggins
cc: freebsd-questions@freebsd.org
Subject: Re: internet gateway

On Mon, 05 Jul 2004 10:40:58 +0000 Brett Wiggins spake thus:

> Hi,
> I am having some problems setting up an internet gateway for my home
> network. My gateway machine has two network cards, one connected to my
> ADSL modem and the other to a switch and my internal network. My gateway
> machine (FreeBSD) can connect to the internet and it can ping machines on
> my local network. Machines on my local network run Windows.
>
>   ISP
>    |
>    |
>   ADSL
>   MODEM
>    |
>    |
> FREEBSD            |----- MACHINE A
> MACHINE            |
>    |               |
>    |-------SWITCH--|----- MACHINE B
>                    |
>                    |
>                    |----- MACHINE C
>
> So far I have recompiled my kernel with the following options added;
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=50
> options TCP_DROP_SYNFIN
>
> I then edited /etc/rc.conf
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="OPEN"
> firewall_quiet="NO"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="YES"
> ppp_profile="netspace"
> ifconfig_rl0="inet 10.0.0.1"
>
> Then I edited ppp.conf with the following;
> nat enable yes
> nat log yes
> nat same_ports yes
> nat unregistered_only yes
> enable dns
>
> That is where I got up to; now I'm stuck and don't know what to do next.
> Any help with this would be great.
>
> Brett

G'day,

http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html
http://www.neon1.net/misc/firewall.html

I'm afraid I don't know a great deal about using IPFW but it seems to me
that ppp.conf is probably not the place to put your NATD rules. man natd
gives some good advice on setting this up. I included some links that show
how to use IPF and IPNAT to accomplish the task you're working on. I
personally found them easy enough to read and follow; however, I am
confident that if you google a bit more you will find equally good
documentation that focuses on IPFW.

HTH

LukeK

--
Luke Kearney
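
As an added illustration that is not part of either message: a small sh script that reads rc.conf lines like the ones quoted above and reports how forwarding, packet filtering and NAT are configured. The function names and finding codes are made up for this example, the sample input is the quoted rc.conf, and only values set in that file are considered.

```shell
#!/bin/sh
# Added example: report forwarding, filtering and NAT settings of an rc.conf-style
# file. Assumption: only the given file is read, not /etc/defaults/rc.conf.
# Constructed sample: the rc.conf lines quoted in the message.
sample_rc_conf() {
cat <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="NO"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="netspace"
ifconfig_rl0="inet 10.0.0.1"
EOF
}

# rc_get FILE NAME: print the last value assigned to NAME (later lines win).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true for the spellings rc.conf treats as "on".
is_yes() {
    case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

# audit_gateway FILE: print one finding code (hypothetical names) per line.
audit_gateway() {
    f=$1; nat=0
    is_yes "$(rc_get "$f" gateway_enable)" || echo FORWARDING_OFF
    if is_yes "$(rc_get "$f" firewall_enable)"; then
        case "$(rc_get "$f" firewall_type)" in
            [Oo][Pp][Ee][Nn]) echo FIREWALL_OPEN ;;   # rc.firewall passes all traffic
        esac
    else
        echo FIREWALL_OFF                             # rc.firewall is not run
    fi
    is_yes "$(rc_get "$f" ppp_enable)" && is_yes "$(rc_get "$f" ppp_nat)" &&
        { echo NAT_PPP; nat=1; }                      # user ppp is started with -nat
    is_yes "$(rc_get "$f" natd_enable)" && { echo NAT_NATD; nat=1; }  # natd via ipfw divert
    [ "$nat" -eq 1 ] || echo NAT_NONE
}

tmp=$(mktemp) && sample_rc_conf > "$tmp" && audit_gateway "$tmp"; rm -f "$tmp"
```

On the quoted settings it prints FIREWALL_OPEN and NAT_PPP: address translation is done by ppp itself, and the OPEN rule set passes all traffic.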