Date: Tue, 25 Jan 2000 09:24:44 -0800 (PST)
From: "f.johan.beisser"
To: William Woods
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: DSL natd rules....

On Tue, 25 Jan 2000, William Woods wrote:

> I am doing a little prep work so when DSL comes in, I will be ready. These are
> the proposed rules/entries/and set up I am thinking of using. I have in rc.conf
> for it. The system that this comes from is going to be a gateway/router. It is
> connected to the net like this:

looks pretty standard to me.. so, questions:

1 - is the cisco going to firewall, or do you want the freebsd box to do it?
2 - do you need to access the network from anywhere else?

> Here is my proposed rc.conf for the gateway/router:
>
> # This file now contains just the overrides from /etc/defaults/rc.conf
> # please make all changes to this file.
> # -- sysinstall generated deltas -- #
> sendmail_enable="NO"
> ifconfig_de0="inet 192.168.0.1 netmask 255.255.255.0"
>
> defaultrouter="NO"
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="de1"
> natd_flags="-s"
> firewall_enable="YES"
> firewall_type="OPEN"
> dhclient de1
> network_interfaces="de0 de1 lo0"
> hostname="alpha.cybcon.com"
>
> Thanks for any advice/help

first, take a look at the man page for natd(8):

    -log | -l
            Log various aliasing statistics and information to the file
            /var/log/alias.log. This file is truncated each time natd is
            started.
    -deny_incoming | -d
            Reject packets destined for the current IP number that have no
            entry in the internal translation table.

with just these two, you've not got a basic firewall. natd simply drops the
packet when it's told to deny_incoming.

    -use_sockets | -s
            Allocate a socket(2) in order to establish an FTP data or IRC DCC
            send connection. This option uses more system resources, but
            guarantees successful connections when port numbers conflict.

this is just plain handy, for obvious reasons.

    -dynamic
            If the -n or -interface option is used, natd will monitor the
            routing socket for alterations to the interface passed. If the
            interface's IP number is changed, natd will dynamically alter its
            concept of the alias address.

you will probably have to have this option dropped in. make sure natd is bound
to the external port (with -n ).

there's a whole bunch of useful info in the natd man pages, read them.

-- jan

+-----// f. johan beisser //------------------------------+
email: jan[at]caustic.org web: http://www.caustic.org/~jan
"knowledge is power. power corrupts. study hard, be evil."
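The natd flags the reply walks through, written back into the poster's rc.conf as an added example (not part of the original thread); interface names and addresses are the ones from the post, and it assumes the rc scripts turn natd_interface into natd's -n option, so -n is not repeated in natd_flags.

```shell
# Constructed /etc/rc.conf fragment for the gateway in the thread.
# de0 is the LAN side, de1 the DSL side (both taken from the original post).
gateway_enable="YES"
ifconfig_de0="inet 192.168.0.1 netmask 255.255.255.0"
# Let the rc scripts run dhclient on de1 instead of calling dhclient from rc.conf.
ifconfig_de1="DHCP"

natd_enable="YES"
# Assumption: rc passes this to natd as "-n de1", binding natd to the external interface.
natd_interface="de1"
# -s        use_sockets: FTP data / IRC DCC connections survive port collisions
# -d        deny_incoming: drop inbound packets with no entry in the translation table
# -l        log aliasing statistics to /var/log/alias.log (truncated on each start)
# -dynamic  follow address changes on de1, which a DHCP lease can cause
natd_flags="-s -d -l -dynamic"

firewall_enable="YES"
firewall_type="OPEN"
```

The divert rule that hands packets on de1 to natd is added by rc.firewall when natd_enable is set, so nothing else is needed for translation to start.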