Date:      Mon, 30 Oct 2000 06:26:31 -0500
From:      "Otter" <otterr@telocity.com>
To:        <ruthardt@chello.at>, <cjclark@alum.mit.edu>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: IP Masquerading - Using NAT
Message-ID:  <HLEDJBJKDDPDJBMGCLPPMEFHCHAA.otterr@telocity.com>
In-Reply-To: <KDEOJJLADGAOLHAHFGMKCEDBCBAA.ruthardt@chello.at>

Looks vaguely familiar. At one time, I also had two of the lines
numbered 100. I just tweaked everything and something finally gave.
Check out the NAT page on http://www.mostgraveconcern.com/freebsd/. I
can send you a working configuration. Get this one working, then you
can tweak to your specific needs. Make sure that the NAT NIC is the
*outside* NIC. The rc.conf looks like this:

network_interfaces="fxp0 dc0 ed0 lo0"
ifconfig_dc0="inet 192.168.1.10      netmask 255.255.255.0"
ifconfig_fxp0="DHCP"
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="fxp0"

Make sure you have the following two options in your kernel, contrary
to the other stuff someone might tell you to put in:

options	IPFIREWALL
options	IPDIVERT

And last, add to the very end of /etc/rc.firewall the following lines:
#For NAT
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via fxp0
/sbin/ipfw add pass all from any to any

Note that the outside NIC fxp0 is just an example. Change yours if
necessary. Reboot. Now ping an outside IP from an internal machine.
Hope this helps!
-Otter

}-----Original Message-----
}From: owner-freebsd-questions@FreeBSD.ORG
}[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of
}Daniel Ruthardt
}Sent: Monday, October 30, 2000 4:25 AM
}To: cjclark@alum.mit.edu
}Cc: freebsd-questions@FreeBSD.ORG
}Subject: IP Masquerading - Using NAT
}
}
}>>We might be able to help you figure out what you may have done wrong
}>>if you gave us some details on what you did. Some things that would
}>>help there:
}>>
}>>  $ cat /etc/rc.conf
}>>  $ fgrep 'IP packet filtering' /var/run/dmesg.boot
}>>  $ ifconfig -a
}>>  $ ipfw show
}>>
}>>If you have a natd.conf file,
}>>
}>>  $ cat natd.conf
}>>
}>>If you have made a custom firewall script (the distributed rc.firewall
}>>script should work out of the box with natd(8) and an "OPEN" setting),
}>>please include that.
}>>--
}>>Crist J. Clark                           cjclark@alum.mit.edu
}
}
}Here is the information you need to help me:
}
}  $ cat /etc/rc.conf
}
}# This file now contains just the overrides from /etc/defaults/rc.conf
}# please make all changes to this file.
}
}keymap="german.iso"
}gateway_enable="YES"
}hostname="dowee.com"
}firewall_enable="YES"
}firewall_type="OPEN"
}natd_interface="xl0"
}natd_enable="YES"
}ifconfig_xl0="DHCP"
}ifconfig_xl0_alias0="inet 192.0.0.1 netmask 255.255.255.0"
}
}  $ fgrep 'IP packet filtering' /var/run/dmesg.boot
}
}IP packet filtering initialized, divert enabled, rule-based forwarding disabled, default to deny, logging disabled
}
}  $ ifconfig -a
}
}xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
}        inet6 fe80::250:4ff:fe4d:3695%xl0 prefixlen 64 scopeid 0x1
}        inet 212.186.196.204 netmask 0xffffff00 broadcast 212.186.196.255
}        inet 192.0.0.1 netmask 0xffffff00 broadcast 192.0.0.255
}        ether 00:50:04:4d:36:95
}        media: 10baseT/UTP (10baseT/UTP <half-duplex>)
}        supported media: 10baseT/UTP <full-duplex> 10baseT/UTP <half-duplex> 10baseT/UTP
}lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
}sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
}ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
}lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
}        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
}        inet6 ::1 prefixlen 128
}        inet 127.0.0.1 netmask 0xff000000
}gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif0 prefixlen 64 scopeid 0x6
}gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif1 prefixlen 64 scopeid 0x7
}gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif2 prefixlen 64 scopeid 0x8
}gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%gif3 prefixlen 64 scopeid 0x9
}stf0: flags=8000<MULTICAST> mtu 1280
}        inet6 fe80::250:4ff:fe4d:3695%stf0 prefixlen 64 scopeid 0xa
}faith0: flags=8000<MULTICAST> mtu 1500
}
}  $ ipfw show
}
}00100 3064 945994 divert 8668 ip from any to any via xl0
}00100    0      0 allow ip from any to any via lo0
}00200    0      0 deny ip from any to 127.0.0.0/8
}65000 3064 945994 allow ip from any to any
}65535    2    656 deny ip from any to any
}
}Hope the information tells you what I've done wrong (-:
}
}Thanks,
}Daniel
}
}
}
}To Unsubscribe: send mail to majordomo@FreeBSD.org
}with "unsubscribe freebsd-questions" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
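
A sanity check for the natd setup discussed in this message, added here as an example and not part of the original e-mail or of FreeBSD: it reads `ipfw show` output and reports a reused rule number, a divert rule bound to an interface other than the outside NIC, and a divert rule that sits after an unconditional allow. The function names and finding labels are hypothetical; the first sample is the `ipfw show` output quoted above, the second is constructed.

```shell
#!/bin/sh
# Added example, not from the original e-mail. Function names and the
# finding labels are hypothetical. Live use: ipfw show | check_nat_rules fxp0

check_nat_rules() {
    # $1 = outside interface (the natd_interface value); rules on stdin
    awk -v ifc="$1" '
    $1 ~ /^[0-9]+$/ {
        # Report a rule number the second time it appears
        if (seen[$1]++ == 1) print "DUPLICATE_NUMBER " $1
        via = "none"
        for (i = 4; i < NF; i++) if ($i == "via") via = $(i + 1)
        if ($4 == "divert" && !have_divert) {
            have_divert = 1
            if (via != ifc) print "DIVERT_WRONG_IF " via
            # An earlier unconditional allow ends matching before natd sees the packet
            if (have_allow) print "DIVERT_AFTER_ALLOW " allow_num
        }
        # "allow ip from any to any" with no via clause has exactly 9 fields
        if (NF == 9 && $4 == "allow" && $5 == "ip" && $7 == "any" && $9 == "any" && !have_allow) {
            have_allow = 1
            allow_num = $1
        }
    }
    END { print (have_divert ? "DIVERT_PRESENT" : "NO_DIVERT") }
    '
}

# The ipfw show output quoted in the message above
sample_page_rules() {
    cat <<'EOF'
00100 3064 945994 divert 8668 ip from any to any via xl0
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
65000 3064 945994 allow ip from any to any
65535    2    656 deny ip from any to any
EOF
}

# Constructed sample: the allow-all rule was added before the divert rule
sample_misordered_rules() {
    cat <<'EOF'
00100 0 0 allow ip from any to any
00200 0 0 divert 8668 ip from any to any via fxp0
65535 0 0 deny ip from any to any
EOF
}

sample_page_rules | check_nat_rules xl0
```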



