Date:      Tue, 04 Jan 2000 11:14:53 -0500
From:      "James A. Mutter" <jmutter@commercialmovers.com>
To:        freebsd-questions@freebsd.org
Subject:   Need some help with NAT
Message-ID:  <38721C7D.98FB7588@commercialmovers.com>

I seem to be having a brain fart here getting NAT set up - I'm looking
for some help.

We're implementing NAT on the BSD box because it's breaking our Ascend
P130 - so I don't need to do firewalling or packet filtering (Yet).  I'd
like to get this all up and running using the 'ipfilter' package so that
implementing a firewall will be easy later on down the road.	

Here's what I've got so far:
  Kernel Options:
    IPFIREWALL
    IPFIREWALL_DEFAULT_TO_ACCEPT
    IPDIVERT
    IPFILTER
    IPSTEALTH (We'll use this later)
    TCP_DROP_SYNFIN (Again, we'll use this later)
    TCP_RESTRICT_RST (We'll use this later also)
    "ICMP_BANDLIM"

In rc.conf we've got this:
  gateway_enable="YES"
    

In rc.local we've got the following entries:
  /sbin/ipf -Fa -f /etc/ipf.rules -E
  /sbin/ipnat -CF -f /etc/ipnat.rules

Finally, we've tried 2 different NIC combos -
1st try was 2 NICs, 2 IPs, both plugged into the same LAN - That didn't
work very well.
2nd try was 1 NIC
  pn0=192.196.1.1
  pn0:1=204.XXX.XXX.XXX - That doesn't seem to be working either.  

As soon as I activate the 'ipnat' rules the machine becomes
inaccessible.  However, pings from another machine on the network reveal
something interesting (when ipnat is enabled): pings are sent to the
internal interface and returned by the external interface.

Any ideas here?

Thanks again,
Jim

