Date:      Tue, 25 Jan 2000 09:24:44 -0800 (PST)
From:      "f.johan.beisser" <jan@caustic.org>
To:        William Woods <freebsd@cybcon.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: DSL natd rules....
Message-ID:  <Pine.BSF.4.21.0001250908210.57090-100000@pogo.caustic.org>
In-Reply-To: <XFMail.000125002401.freebsd@cybcon.com>

On Tue, 25 Jan 2000, William Woods wrote:

> I am doing a little prep work so when DSL comes in, I will be ready. These are
> the proposed rules/entries/and set up I am thinking of using. I have in rc.conf
> for it. The system that this comes from is going to be a gateway/router. It is
> connected to the net like this:

<snippage>

  looks pretty standard to me..

  so, questions:

  1 - is the cisco going to firewall, or do you want the freebsd box to do
  it?

  2 - do you need to access the network from anywhere else?

> Here is my proposed rc.conf for the gateway/router:
> 
> # This file now contains just the overrides from /etc/defaults/rc.conf
> # please make all changes to this file.
> # -- sysinstall generated deltas -- #
> sendmail_enable="NO"
> ifconfig_de0="inet 192.168.0.1  netmask 255.255.255.0"
> 
> defaultrouter="NO"
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="de1"
> natd_flags="-s"
> firewall_enable="YES"
> firewall_type="OPEN"
> dhclient de1
> network_interfaces="de0 de1 lo0"
> hostname="alpha.cybcon.com"
>                             
> Thanks for any advice/help
 
  first, take a look at the man page for natd(8):

     -log | -l   Log various aliasing statistics and information to the
                 file /var/log/alias.log. This file is truncated each time
                 natd is started.

     -deny_incoming | -d
                 Reject packets destined for the current IP number that
                 have no entry in the internal translation table.

  with just these two, you've not got a basic firewall. natd simply drops
  the packet when it's told to deny_incoming.

     -use_sockets | -s
                 Allocate a socket(2) in order to establish an FTP data or 
                 IRC DCC send connection.  This option uses more system 
                 resources, but guarantees successful connections when
                 port numbers conflict.

  this is just plain handy, for obvious reasons.

     -dynamic    If the -n or -interface option is used, natd will monitor 
                 the routing socket for alterations to the interface 
                 passed.  If the interfaces IP number is changed, natd
                 will dynamically alter its concept of the alias address.

  you will probably have to have this option dropped in. make sure natd is
  bound to the external port (with -n <interface>)

  there's a whole bunch of useful info in the natd man pages, read them.

  -- jan


 +-----//  f. johan beisser  //------------------------------+
  email: jan[at]caustic.org   web: http://www.caustic.org/~jan 
   "knowledge is power. power corrupts. study hard, be evil."
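Added example, not part of the original mail: a small sh script that checks the natd-related rc.conf lines for the three points the reply raises (-dynamic with a named interface, -deny_incoming, and firewall_type="OPEN"). The sample fragments, rc_get and check_natd_conf are constructed for illustration, not taken from the thread or from FreeBSD's rc scripts.

```shell
#!/bin/sh
# Added example, not from the original mail: lint the natd-related rc.conf lines
# for the points raised in the reply. Sample fragments are constructed; rc_get and
# check_natd_conf are hypothetical helpers.

# Constructed: the relevant lines as quoted in the thread.
SAMPLE_RC_CONF='natd_interface="de1"
natd_flags="-s"
firewall_type="OPEN"'

# Constructed: the same lines with the reply's suggestions applied.
FIXED_RC_CONF='natd_interface="de1"
natd_flags="-s -d -l -dynamic"
firewall_type="simple"'

# rc_get NAME CONF: print the unquoted value of NAME from rc.conf-style text.
rc_get() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { v = $2 } END { gsub(/"/, "", v); print v }'
}

# check_natd_conf CONF: one WARN line per issue on stdout; exit status is the issue count.
check_natd_conf() {
    iface=$(rc_get natd_interface "$1")
    flags=" $(rc_get natd_flags "$1") "
    fwtype=$(rc_get firewall_type "$1")
    n=0
    # A named (DHCP) interface rather than a fixed IP needs -dynamic, or natd
    # keeps the alias address the interface had when natd started.
    case $iface in
        *[!0-9.]*)
            case $flags in
                *" -dynamic "*) ;;
                *) echo "WARN: natd_interface=$iface is a name but natd_flags lacks -dynamic"; n=$((n + 1)) ;;
            esac ;;
    esac
    # Without -deny_incoming (-d) natd passes untranslated inbound packets to the host.
    case $flags in
        *" -d "*|*" -deny_incoming "*) ;;
        *) echo "WARN: natd_flags lacks -deny_incoming (-d)"; n=$((n + 1)) ;;
    esac
    # OPEN makes ipfw pass everything; acceptable only if the Cisco does the filtering.
    if [ "$fwtype" = "OPEN" ]; then
        echo "WARN: firewall_type=OPEN, this box filters nothing; confirm the router does"; n=$((n + 1))
    fi
    return $n
}

check_natd_conf "$SAMPLE_RC_CONF" || echo "$? issue(s) found in the quoted rc.conf"
```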
