From: "Otter"
Subject: RE: IP Masquerading - Using NAT
Date: Mon, 30 Oct 2000 06:26:31 -0500

Looks vaguely familiar. At one time, I also had two of the lines numbered 100. I just tweaked everything and something finally gave. Check out the NAT page on http://www.mostgraveconcern.com/freebsd/. I can send you a working configuration. Get this one working, then you can tweak to your specific needs. Make sure that the NAT NIC is the *outside* NIC. The rc.conf looks like this:

network_interfaces="fxp0 dc0 ed0 lo0"
ifconfig_dc0="inet 192.168.1.10 netmask 255.255.255.0"
ifconfig_fxp0="DHCP"
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="fxp0"

Make sure you have the following two options in your kernel, contrary to the other stuff someone might tell you to put in:

options IPFIREWALL
options IPDIVERT

And last, add to the very end of /etc/rc.firewall the following lines:

#For NAT
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via fxp0
/sbin/ipfw add pass all from any to any

Note that the outside NIC fxp0 is just an example. Change yours if necessary. Reboot.
Now ping an outside IP from an internal machine. Hope this helps!
-Otter

}-----Original Message-----
}From: owner-freebsd-questions@FreeBSD.ORG
}[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of
}Daniel Ruthardt
}Sent: Monday, October 30, 2000 4:25 AM
}To: cjclark@alum.mit.edu
}Cc: freebsd-questions@FreeBSD.ORG
}Subject: IP Masquerading - Using NAT
}
}
}We might be able to help you figure out what you may have done wrong
}>>if you gave us some details on what you did. Some things that would
}>>help there:
}>>
}>>  $ cat /etc/rc.conf
}>>  $ fgrep 'IP packet filtering' /var/run/dmesg.boot
}>>  $ ifconfig -a
}>>  $ ipfw show
}>>
}>>If you have a natd.conf file,
}>>
}>>  $ cat natd.conf
}>>
}>>If you have made a custom firewall script (the distributed rc.firewall
}>>script should work out of the box with natd(8) and an "OPEN" setting),
}>>please include that.
}>>--
}>>Crist J. Clark                           cjclark@alum.mit.edu
}
}
}Here is the information you need to help me:
}
}  $ cat /etc/rc.conf
}
}# This file now contains just the overrides from /etc/defaults/rc.conf
}# please make all changes to this file.
}
}keymap="german.iso"
}gateway_enable="YES"
}hostname="dowee.com"
}firewall_enable="YES"
}firewall_type="OPEN"
}natd_interface="xl0"
}natd_enable="YES"
}ifconfig_xl0="DHCP"
}ifconfig_xl0_alias0="inet 192.0.0.1 netmask 255.255.255.0"
}
}  $ fgrep 'IP packet filtering' /var/run/dmesg.boot
}
}IP packet filtering initialized, divert enabled, rule-based forwarding disabled,
}        default to deny, logging disabled
}
}  $ ifconfig -a
}
}xl0: flags=8843 mtu 1500
}        inet6 fe80::250:4ff:fe4d:3695%xl0 prefixlen 64 scopeid 0x1
}        inet 212.186.196.204 netmask 0xffffff00 broadcast 212.186.196.255
}        inet 192.0.0.1 netmask 0xffffff00 broadcast 192.0.0.255
}        ether 00:50:04:4d:36:95
}        media: 10baseT/UTP (10baseT/UTP )
}        supported media: 10baseT/UTP 10baseT/UTP 10baseT/UTP
}lp0: flags=8810 mtu 1500
}sl0: flags=c010 mtu 552
}ppp0: flags=8010 mtu 1500
}lo0: flags=8049 mtu 16384
}        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
}        inet6 ::1 prefixlen 128
}        inet 127.0.0.1 netmask 0xff000000
}gif0: flags=8010 mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif0 prefixlen 64 scopeid 0x6
}gif1: flags=8010 mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif1 prefixlen 64 scopeid 0x7
}gif2: flags=8010 mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif2 prefixlen 64 scopeid 0x8
}gif3: flags=8010 mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif3 prefixlen 64 scopeid 0x9
}stf0: flags=8000 mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%stf0 prefixlen 64 scopeid 0xa
}faith0: flags=8000 mtu 1500
}
}  $ ipfw show
}
}00100 3064 945994 divert 8668 ip from any to any via xl0
}00100    0      0 allow ip from any to any via lo0
}00200    0      0 deny ip from any to 127.0.0.0/8
}65000 3064 945994 allow ip from any to any
}65535    2    656 deny ip from any to any
}
}Hope the information tells you what I've done wrong (-:
}
}Thanks,
}Daniel
}
}
}
}To Unsubscribe: send mail to majordomo@FreeBSD.org
}with "unsubscribe freebsd-questions" in the body of the message
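
An added example, not part of the thread or of FreeBSD: a small sh/awk audit of `ipfw show` output for the points raised above (rule numbers used twice, the divert rule bound to the natd_interface, and no unconditional allow ahead of the divert rule). The function name audit_ipfw and the finding labels are hypothetical; the sample is the rule listing quoted in the thread.

```sh
#!/bin/sh
# Rule listing as quoted in the thread (columns: number, packets, bytes, rule).
SAMPLE_RULES='00100 3064 945994 divert 8668 ip from any to any via xl0
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
65000 3064 945994 allow ip from any to any
65535 2 656 deny ip from any to any'

# audit_ipfw RULES NATD_IF   (hypothetical helper, one finding per line)
#   DUP <num>          rule number used more than once (legal in ipfw;
#                      such rules are checked in the order they were added)
#   DIVERT <num> <if>  divert rule and the interface it is bound to
#   IFMISMATCH <if>    divert interface differs from natd_interface
#   EARLYALLOW <num>   allow-everything rule listed before the divert rule,
#                      so matching packets never reach natd (first match wins)
#   NODIVERT           no divert rule in the listing
audit_ipfw() {
    printf '%s\n' "$1" | awk -v natif="$2" '
    {
        num = $1; action = $4
        if (++count[num] == 2) print "DUP " num

        # The interface is the token after "via", when present.
        iface = ""
        for (i = 5; i < NF; i++) if ($i == "via") iface = $(i + 1)

        if (action == "divert") {
            seen_divert = 1
            print "DIVERT " num " " iface
            if (iface != natif) print "IFMISMATCH " iface
        } else if ((action == "allow" || action == "pass") &&
                   !seen_divert && iface == "" &&
                   $0 ~ /from any to any$/) {
            print "EARLYALLOW " num
        }
    }
    END { if (!seen_divert) print "NODIVERT" }'
}

# Audit the quoted listing against natd_interface="xl0" from the quoted rc.conf.
audit_ipfw "$SAMPLE_RULES" xl0
```

On a live system the first argument would be "$(ipfw show)" and the second the natd_interface value from /etc/rc.conf.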