From owner-freebsd-questions Mon Aug 20 5:48:25 2001
Date: Mon, 20 Aug 2001 13:47:09 +0100
To: freebsd-questions@freebsd.org
From: Chris Hastie
Subject: Re: Port redirection with natd

On Sun, 19 Aug 2001, Philip M. Gollucci wrote
>You need
>gateway_enable="YES" in your rc.conf

Forgot to mention that this is in rc.conf

>if you don't want to restart to try this use :
>sysctl -w net.inet.ip.forwarding=1
>
>which does the same thing.
>
>Until you get it working, I would use more the following firewall rules
>
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via xl0
> /sbin/ipfw add pass all from any to any

AFAICS this has a similar effect to the open setting I'm using.
Following boot up I get:

# ipfw show
00050   264    43573 divert 8668 ip from any to any via xl0
00100   184     7708 allow ip from any to any via lo0
00200     0        0 deny ip from any to 127.0.0.0/8
00300     0        0 deny ip from 127.0.0.0/8 to any
65000 43715 33722417 allow ip from any to any
65535     3      984 deny ip from any to any

if I then try

# ipfw add 10 divert natd all from and to any via xl0

I get

00010   248    41477 divert 8668 ip from any to any via xl0
00050   264    43573 divert 8668 ip from any to any via xl0
00100   184     7708 allow ip from any to any via lo0
00200     0        0 deny ip from any to 127.0.0.0/8
00300     0        0 deny ip from 127.0.0.0/8 to any
65000 43715 33722417 allow ip from any to any
65535     3      984 deny ip from any to any

my new rule 10 has ended up exactly the same as that at 50.

-- 
Chris Hastie
http://www.oak-wood.co.uk/chris/