Date: Tue, 17 Aug 1999 23:03:11 -0400
From: "James Gill" <gill@topsecret.net>
To: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: pls examine my rc.natd
Message-ID: <NDBBJDFMIMOCFNNCEKADMEACCPAA.gill@topsecret.net>

From what I can deduce from the handbook and from Lehey's book, what I have
here should work, but if it did I wouldn't be writing this. If someone would
be kind enough to give this a look I'd be very appreciative.

Here's my rc.conf:
=============================================
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.
# revision 19990816 23:33
# revisor gill@topsecret.net

hostname="{kludged_for_paranoia}"
releaseName="{releaseName}"
tcp_extensions="YES"

### FIREWALL AND NATD CONFIG ###
firewall_enable="YES"
firewall_type="open"
natd_program="/sbin/natd"
natd_enable="YES"       #firewall_enable must also be set to yes
#
#and ipdivert must also be in kernel
natd_interface="ed1"
natd_flags="-f /etc/rc.natd"
#named_enable="YES"     #named is already working fine but the command to
                        #start it should be moved here
#named_program="{/path/to/named}"       #default /usr/sbin/named
#named_flags=""
#syslogd_enable="yes"   #i thought the system logger was already working?!
ntpdate_enable="YES"
ntpdate_flags="ncar.ucar.edu"
network_interfaces="ed0 ed1 lo0"
ifconfig_ed0="inet 10.101.101.2 netmask 255.255.255.192"
ifconfig_ed1="inet 10.101.101.129 netmask 255.255.255.192"
defaultrouter="10.101.101.1"
gateway_enable="YES"    #does this still need to be here?
#static_routes="route_int route_ext"    #list of static routes
#route_int="-net 10.101.101.0 10.101.101.129"
#route_ext="-net 10.101.101.128 10.101.101.2"

### CONSOLE ENVIRONMENT CONFIG ###
saver="star"
blanktime="300"
=============================================

Here's my rc.natd:
=============================================
#!/bin/sh
# natd.conf
# configuration file for network address translation program
# version 0.3
# 1999/08/17
# gill@topsecret.net
###################################################################
# specify this file by using the commandline jargon:
# natd -config /etc/natd.conf
###################################################################

# turn on logging, might turn off once the system is running smoothly
# logs to /var/log/alias.log and is truncated each time natd is started
log yes

# deny packets destined for the current IP number
# that have no entry in the internal translation table
#deny_incoming yes

# log denied packets via syslog
log_denied yes

# see syslog.conf(5) for facility names
#log_facility {facility_name}

# from natd manpage: "Allocate a socket(2) in order to establish an
# FTP data or IRC DCC send connection. This option uses more system
# resources, but guarantees successful connections when port numbers conflict."
#use_sockets yes

# from natd manpage: "Try to keep the same port number when altering outgoing
# packets. With this option, protocols such as RPC will have a better chance
# of working. If it is not possible to maintain the port number, it will be
# silently changed as per normal."
#same_ports yes

# FOR DEBUGGING: stay attached to the controlling terminal
# and display all packet output to the stdout
#verbose yes

# Only alter outgoing packets with a 10.0.0.0/8, 172.16.0.0/12, or a
# 192.168.0.0/16 address
#unregistered_only yes

### redirected ports ###
# redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT \
#               [remoteIP[:remotePORT]]
# example: redirect_port tcp inside1:telnet 6666
# means that tcp packets destined for port 6666 on this machine will be sent
# to the telnet port on the inside1 machine
#redirect_port
redirect_port tcp 10.101.101.33:21 21           #ftp
redirect_port tcp 10.101.101.131:23 23          #telnet
redirect_port tcp 10.101.101.33:25 25           #smtp
redirect_port tcp 10.101.101.33:80 80           #www-tcp
redirect_port udp 10.101.101.33:80 80           #www-udp
redirect_port tcp 10.101.101.33:110 110         #pop3-tcp
redirect_port udp 10.101.101.33:110 110         #pop3-udp
#redirect_port tcp 123                          #ntp

#anything below here is commented anyway, snipped for bandwidth...
=============================================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
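
An added example, not part of the original message or of natd itself: a small Python parser for the redirect_port syntax quoted in the rc.natd comments, which lists each forward and picks out those reachable from any remote address. The names Redirect, parse_redirects and open_to_any_remote are hypothetical, the sample lines are constructed from the post (the remote address 192.0.2.7 and the malformed last line are invented for illustration), and treating '#' as starting a comment anywhere on a line is an assumption.

```python
from typing import NamedTuple, Optional

# Constructed sample based on the redirect_port lines in the post.
SAMPLE = """\
#redirect_port
redirect_port tcp 10.101.101.33:21 21   #ftp
redirect_port tcp 10.101.101.131:23 23  #telnet
redirect_port udp 10.101.101.33:110 110 #pop3-udp
#redirect_port tcp 123 #ntp
redirect_port tcp inside1:telnet 6666 192.0.2.7
redirect_port tcp 10.101.101.33 80
"""

class Redirect(NamedTuple):
    proto: str
    target_ip: str
    target_port: str          # kept as text: ports may be service names
    alias_ip: Optional[str]
    alias_port: str
    remote: Optional[str]     # remoteIP[:remotePORT], None if unrestricted

def parse_redirects(text):
    """Return (redirects, errors) for the redirect_port lines in a natd config."""
    redirects, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: everything from '#' to end of line is a comment.
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "redirect_port":
            continue
        if len(fields) not in (4, 5) or fields[1] not in ("tcp", "udp"):
            errors.append((lineno, raw.strip()))
            continue
        target_ip, sep, target_port = fields[2].rpartition(":")
        alias_ip, _, alias_port = fields[3].rpartition(":")
        if not sep or not target_ip or not target_port or not alias_port:
            errors.append((lineno, raw.strip()))   # target needs IP:PORT
            continue
        remote = fields[4] if len(fields) == 5 else None
        redirects.append(Redirect(fields[1], target_ip, target_port,
                                  alias_ip or None, alias_port, remote))
    return redirects, errors

def open_to_any_remote(redirects):
    """Forwards with no remoteIP restriction, i.e. reachable from any source."""
    return [r for r in redirects if r.remote is None]

if __name__ == "__main__":
    found, bad = parse_redirects(SAMPLE)
    for r in open_to_any_remote(found):
        print(f"{r.proto}/{r.alias_port} -> {r.target_ip}:{r.target_port} (any remote)")
    for lineno, line in bad:
        print(f"line {lineno}: cannot parse: {line}")
```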