Date:      Tue, 4 May 2004 09:50:05 -0700
From:      Paul Hoffman <phoffman@proper.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   RE: Setting up a NAT without a firewall
Message-ID:  <p06100510bcbd7891d439@[10.20.30.249]>
In-Reply-To: <200405011813.i41IDOCh083041@above.proper.com>
References:  <200405011813.i41IDOCh083041@above.proper.com>

Off-list, someone pointed out to me that ipnat is *much* easier to 
deal with than IPFIREWALL and all its baggage. No kernel rebuilding, 
no juggling with the firewall. Nice. For those of you in the same 
situation as me, definitely look into ipnat.

My system gets its external address from my ISP's DHCP server on 
interface em0. The machines in my house are connected to a switch 
that is attached to interface rl0.

Relevant stuff in /etc/rc.conf:

ifconfig_em0="DHCP"
ifconfig_rl0="inet 10.20.30.1 netmask 255.255.255.0"
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"

Contents of /etc/ipnat.conf:

map em0 10.20.30.0/24 -> 0/32

Two notes not covered in the ipnat man pages:

- The man page doesn't say which interface name you use in the map 
statement; it's the external interface.

- If you get your external IP address from DHCP, you can use "0/32" 
as the target. This is very handy.

--Paul Hoffman
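
An added example, not part of the original message: a small consistency check for the two files quoted above, flagging a map rule bound to the internal interface, a source range that matches no internal subnet, or a fixed target on a DHCP-addressed interface. The function names and sample strings are constructed for illustration; it assumes dotted-quad netmasks and full CIDR source ranges.

```python
import ipaddress
import re

# Constructed sample input mirroring the files quoted in the message.
RC_CONF = '''\
ifconfig_em0="DHCP"
ifconfig_rl0="inet 10.20.30.1 netmask 255.255.255.0"
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"
'''
IPNAT_CONF = "map em0 10.20.30.0/24 -> 0/32\n"

def parse_rc(text):
    """Return rc.conf variables as a dict (quotes stripped, comment lines skipped)."""
    return dict(re.findall(r'^\s*(\w+)="?([^"\n#]*)"?', text, re.M))

def check_nat(rc_text, nat_text):
    """Return a list of problems found; an empty list means the files agree."""
    rc = parse_rc(rc_text)
    problems = [f'{k} is not "YES"' for k in ("gateway_enable", "ipnat_enable")
                if rc.get(k, "").upper() != "YES"]
    dhcp_ifs, inside = set(), {}
    for key, val in rc.items():
        if not key.startswith("ifconfig_"):
            continue
        name = key[len("ifconfig_"):]
        m = re.search(r"inet (\S+) netmask (\S+)", val)
        if val.strip().upper() == "DHCP":
            dhcp_ifs.add(name)          # address assigned by the ISP: external side
        elif m:
            inside[name] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    for line in nat_text.splitlines():
        m = re.match(r"\s*map\s+(\S+)\s+(\S+)\s+->\s+(\S+)", line)
        if not m:
            continue
        ifname, src, target = m.groups()
        if ifname in inside:            # map must name the external interface
            problems.append(f"map uses internal interface {ifname}")
        if ipaddress.ip_network(src, strict=False) not in inside.values():
            problems.append(f"source {src} matches no internal subnet")
        if ifname in dhcp_ifs and target != "0/32":
            problems.append(f"{ifname} is DHCP but target is {target}, not 0/32")
    return problems
```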


