From owner-freebsd-questions Tue Apr 17 12:01:22 2001
From: "Vahe Khachikyan"
To: "Joe Mahma"
Cc: "FreeBSD-questions"
Subject: Re: natd help!
Date: Tue, 17 Apr 2001 20:08:00 +0100
Message-ID: <000a01c0c771$b82fb4e0$6e70258d@vvl10.fh-konstanz.de>

OK, let's go step by step. I have done this a thousand times, with a plip interface and with a normal network interface.

--------------- Let's take a look at some firewall startup script ------------------------

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw -f -q"

# Force a flushing of the current rules before we reload.
$fwcmd flush

# Inbound packets addressed to the dial-up address go to natd (de-translation).
$fwcmd add 500 divert natd all from any to My.Very.Real.IP
# Outbound packets from the internal box go to natd (translation).
$fwcmd add 600 divert natd all from 10.0.0.3 to any
# Everything else is passed; for the experiment nothing is filtered.
$fwcmd add 3000 pass all from any to any

# Deny all the rest (not reached while rule 3000 passes everything).
$fwcmd add 65435 deny log ip from any to any
----------------------------------------------------------------------------

---------------- A part from /etc/rc.conf which is responsible for natd ---------------------------------------
natd_enable="YES"
natd_interface="My.Very.Real.IP"
natd_flags="-config /etc/natd.conf"    # Additional flags for natd.
----------------------------------------------------------------------------

---------------------------- /etc/natd.conf -------------------------------------------------------------
alias_address My.Very.Real.IP
redirect_address 10.0.0.3 My.Very.Real.IP
same_ports yes
use_sockets yes
unregistered_only yes
----------------------------------------------------------------------

For the experiment, consider running ipfw and natd not at startup; I mean, start natd directly from the command line, like 'natd -config /etc/natd.conf', after running the firewall startup script from the console. Here My.Very.Real.IP is the real IP address that your modem interface gets after connection. 10.0.0.3 is the network address of the other box (to simplify things) which you want to route. BTW, before starting and testing, be sure to check that your internal network is OK, i.e. from the natd box, ping 10.0.0.3 should work without any firewall or natd running.

Regards
--
Vahe
---

-----Original Message-----
From: Joe Mahma
To: vahe@fh-konstanz.de
Date: Tuesday, April 17, 2001 10:26 PM
Subject: Re: natd help!

>Thanks,
>
>I've looked that over a hundred times, and I have done all those things.
>From this article it seems very easy, but somehow it's not working, not even
>with the firewall type set to open! I'm trying right now to break down
>everything that's on the box and isolate one thing at a time. It does nat,
>fw, named, etc etc
>
>>From: "Vahe Khachikyan"
>>To: "Joe Mahma"
>>Subject: Re: natd help!
>>Date: Tue, 17 Apr 2001 14:33:36 +0100
>>
>>Take a look at
>>http://www.freebsd.org/tutorials/dialup-firewall/index.html
>>
>>Regards
>>--
>>Vahe
>>---
>> -----Original Message-----
>> From: Joe Mahma
>> To: questions@FreeBSD.ORG
>> Date: Tuesday, April 17, 2001 9:47 AM
>> Subject: natd help!
>>
>> I'm trying to get a simple firewall/local-caching nameserver/natd box
>>running so that I can connect to the internet from an internal network out
>>through the BSD box to the internet.
>>
>> This is harder than it sounds, especially to me, and I wonder if anyone
>>can help out. I've bashed my head against the wall long enough and it's
>>starting to hurt!
>>
>> Right now all I can do is get the boxes talking through the Apache
>>proxy server that I built, but other TCP connections can't be pushed
>>through.
>>
>> Does anyone have a comprehensive set of firewall rules they can send
>>that I can look over to see what I may be able to use in my situation? I
>>have looked, but haven't been able to find all that I need to get it
>>working right.
>>
>> Regards,
>>
>> -Joe
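The rule set Vahe posts is the bare minimum for the experiment: two divert rules keyed on the dial-up address, then a pass-all, so the closing deny never fires. The script below is an added example, not code from the thread or from the FreeBSD tutorial it links, showing the same natd/ipfw arrangement written the way a practitioner would keep it afterwards: the rules are generated by a function so they can be inspected (and, here, tested) before loading, natd is diverted on the external interface rather than on a fixed address so it survives a redial, the gateway keeps a default deny that is actually reachable, and the stateful rules are ordered so that they still work once natd rewrites addresses. The interface names tun0 (PPP) and fxp0 (LAN) and the network 10.0.0.0/24 are assumptions; the kernel still needs IPFIREWALL and IPDIVERT, and gateway_enable="YES" in /etc/rc.conf for forwarding.

```shell
#!/bin/sh
# Added example, not from the mailing-list post above: an ipfw + natd rule set
# for a dial-up NAT gateway, produced by a function so it can be reviewed and
# checked before it is loaded. Hypothetical defaults, adjust to your box:
#   EXT_IF=tun0          the PPP/modem interface natd must use
#   LAN_IF=fxp0          the interface facing the internal network
#   LAN_NET=10.0.0.0/24  the internal network behind the gateway
FWCMD="${FWCMD:-/sbin/ipfw -q}"

# gen_rules EXT_IF LAN_IF LAN_NET
# Prints one ipfw rule per line, in evaluation order. Ordering matters with
# natd: inbound packets are de-translated (rule 100) *before* check-state, and
# outbound packets create their dynamic rule (200-220) *before* being
# translated (rule 800). The dynamic rule therefore always carries the internal
# address, and the reply matches it once natd has rewritten the destination
# back. The deny at 799 is live: only a skipto from 200-220 reaches 800/810.
gen_rules() {
    ext_if="$1"; lan_if="$2"; lan_net="$3"
    printf '%s\n' \
      "add 50 allow ip from any to any via lo0" \
      "add 60 allow ip from $lan_net to any in via $lan_if" \
      "add 61 allow ip from any to $lan_net out via $lan_if" \
      "add 100 divert natd ip from any to any in via $ext_if" \
      "add 150 check-state" \
      "add 200 skipto 800 tcp from any to any out via $ext_if setup keep-state" \
      "add 210 skipto 800 udp from any to any out via $ext_if keep-state" \
      "add 220 skipto 800 icmp from any to any out via $ext_if keep-state" \
      "add 799 deny log ip from any to any" \
      "add 800 divert natd ip from any to any out via $ext_if" \
      "add 810 allow ip from any to any"
}

# gen_natd_conf EXT_IF
# natd.conf matching the rules above: bind natd to the interface instead of a
# fixed address, and let it follow address changes on redial ("dynamic yes").
gen_natd_conf() {
    printf '%s\n' \
      "interface $1" \
      "dynamic yes" \
      "same_ports yes" \
      "use_sockets yes" \
      "unregistered_only yes"
}

# shadowed_deny
# Reads "add N action ..." rules on stdin. Exits 0 when an unconditional
# allow/pass "from any to any" is numbered below the first unconditional deny,
# i.e. the default deny can never be reached; exits 1 otherwise.
shadowed_deny() {
    awk '
      $1 == "add" && ($3 == "allow" || $3 == "pass") && $0 ~ / from any to any$/ {
          if (!p || $2 < p) p = $2
      }
      $1 == "add" && $3 == "deny" && $0 ~ / from any to any$/ {
          if (!d || $2 < d) d = $2
      }
      END { if (p && d && p < d) exit 0; exit 1 }'
}

# load_rules EXT_IF LAN_IF LAN_NET
# Flushes the current set and loads the generated rules from a file, the same
# way rc.firewall loads a "filename" rule set. natd must already be running.
load_rules() {
    tmp=$(mktemp /tmp/ipfw.XXXXXX) || return 1
    gen_rules "$@" > "$tmp"
    $FWCMD -f flush && $FWCMD "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

case "${1:-}" in
    apply) load_rules "${EXT_IF:-tun0}" "${LAN_IF:-fxp0}" "${LAN_NET:-10.0.0.0/24}" ;;
    check) if gen_rules "${EXT_IF:-tun0}" "${LAN_IF:-fxp0}" "${LAN_NET:-10.0.0.0/24}" | shadowed_deny
           then echo "default deny is shadowed"; else echo "default deny is live"; fi ;;
esac
```

Run it with `check` to print whether the default deny is reachable, and with `apply` (as root, after `natd -config` with the generated natd.conf) to load the rules. Because natd is diverted on `via tun0` rather than on the numeric address, nothing has to be edited when the provider hands out a different address on the next call; with Vahe's address-keyed rules, the rule set and natd.conf both have to change.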