Date: Wed, 12 Apr 2000 17:23:23 PDT
From: "Ron Smith" <ronnetron@hotmail.com>
To: freebsd-security@FreeBSD.ORG
Cc: support@cdrom.com
Subject: NAT and /etc/rc.firewall
Message-ID: <20000413002323.98449.qmail@hotmail.com>

bash-2.03# uname -a
FreeBSD stargate.crcfx.com 3.4-RELEASE FreeBSD 3.4-RELEASE #0: Fri Mar 31 14:39:09 PST 2000 root@stargate.crcfx..com:/usr/src/sys/compile/STARGATE i386

I recompiled the kernel with:

options IPFIREWALL
options IPDIVERT

The problem is as follows: NAT only works with 'firewall_type="open"'.
Here are the particulars:

bash-2.03$ cat /etc/rc.conf
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.
linux_enable="YES"
moused_port="/dev/cuaa0"
moused_type="microsoft"
moused_enable="YES"
inetd_enable="NO"
sendmail_enable="NO"
dumpdev=/dev/wd0s1b
firewall_enable="YES"
firewall_type="simple"
firewall_script="/etc/rc.firewall"
gateway_enable="YES"
defaultrouter="63.203.c.d"
natd_enable="YES"
natd_interface="pn0"
ifconfig_fxp0="inet 192.168.c.d netmask 255.255.255.0"
ifconfig_pn0="inet 63.203.c.d netmask 255.255.255.248"
hostname="stargate.crcfx.com"
named_enable="YES"
~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~

Following is a portion of 'cat /etc/rc.firewall':

elif [ "${firewall_type}" = "simple" ]; then

    ############
    # This is a prototype setup for a simple firewall. Configure this machine
    # as a named server and ntp server, and point all the machines on the inside
    # at this machine for those services.
    ############

    # set these to your outside interface network and netmask and ip
    oif="pn0"
    onet="63.203.c.d"    #cidr given by the ISP; one below the gateway
    omask="255.255.255.248"
    oip="63.203.c.d"     # Static IP address of the external NIC

    # set these to your inside interface network and netmask and ip
    iif="fxp0"
    inet="192.168.c.d"   # IP range of internal LAN
    imask="255.255.255.0"
    iip="192.168.c.d"    # IP address of the internal NIC

NAT doesn't work for anyone on the LAN trying to reach the internet
through 'firewall_type="simple"', but works fine with
'firewall_type="open"'. Do you think the above settings are correct, and in
the right place? Can anyone give me a hand? Everything looks O.K. to me,
unless I'm missing something. Maybe there's something I'm missing altogether
when I try to go 'firewall_type="simple"' and use those stock rules, as is,
in '/etc/rc.firewall'. If I need to make changes there, could someone mail
me a sample of some rules that work for NAT+ipfw?

TIA

Ron Smith