Date:      Wed, 29 Mar 2000 10:14:11 -0600 (CST)
From:      Brennan W Stehling <brennan@offwhite.net>
To:        Richard Martin <dmartin@origen.com>
Cc:        Achim Patzner <ap@bnc.net>, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: NATD Translation
Message-ID:  <Pine.BSF.4.10.10003290952350.72565-100000@home.offwhite.net>
In-Reply-To: <38E21E40.2FA2352A@origen.com>

I have FreeBSD 3.4 set up on my home network to translate my LAN address
through to the single IP I have for my DSL connection.  It was really
simple for me to set up and you may find it helpful.

First I compiled the kernel with additional options for the IP filtering
and firewall turned on.  They are...

options         IPDIVERT                #divert sockets
options         IPFILTER                #kernel ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         IPSTEALTH               #support for stealth forwarding

That allowed me to start using ipnat with kernel support.  I tried to use
natd by itself but that was not working despite much effort.  The program
ipnat does all the work apparently so I decided to use that.

Next I added one line to /etc/rc.conf

firewall=open

That opens up the firewall but I believe it still offers me protection.
It does not matter too much to me since I am only using ipnat to
translate internal addresses.  I will have to read more about it to know
for sure.

Then I set up a config file at /etc/natrules.  I chose 192.168.1.* as my
home IP block.

# 192.168.1.0/24 is the 192.168.1.* block; 0.0.0.0/32 means "use xl1's own address"
map xl1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map xl1 192.168.1.0/24 -> 0.0.0.0/32

That sets all the translation mapping.  (There is documentation at the end
of this email.)

Finally I set up a startup script at /usr/local/etc/rc.d/ipnat.sh

<start>
#!/bin/sh
# load the ipnat translation rules at boot
ipnat -f /etc/natrules
</stop>

Once you have it configured correctly you can run this startup script and
try it out.  It worked right away for me.

One more thing you may need to know in addition to this is how to get the
internal network to run.  I had some problems but luckily worked them out
pretty quickly.  My outside gateway and subnet have one setting while my
internal network must use my internal server.  So I have two ethernet
cards, one running the outside connection and one for the internal network
and connected to my 8 port hub.

My two NICs are xl0 and xl1.  Here is some ifconfig output.

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255

xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 216.127.196.249 netmask 0xffffff00 broadcast 216.127.196.255

And from the home network I set my router to 192.168.1.2 and my address to
anything else in the 192.168.1.* IP block.

For more help you can look here...

http://www.freebsddiary.org/ipfilter334.html
http://www.freebsddiary.org/ipnat.html
http://www.freebsdzine.org/attic/199901/ipfilter.txt

I hope this info helps.  Let me know how it goes.

Brennan Stehling - web developer and sys admin
projects: www.onmilwaukee.com | www.sncalumni.com

fortune:
Make it myself?  But I'm a physical organic chemist!
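Added example, not part of the original mail and not code from ipnat or FreeBSD: a small Python checker for ipnat "map" rules of the kind shown in the message above. It handles only the "map ifname src -> dst [portmap proto lo:hi]" form, applies the netmask the way the kernel does (so a rule written as 192.168.1.0/16 is treated as 192.168.0.0/16), warns when the effective source network is wider than the LAN it is meant to cover, and reports which rule a packet would hit assuming first-match order, which is what listing the portmap rule ahead of the plain map rule relies on. The sample rule text is constructed from the rules quoted in the mail plus a /24 variant, and the function names are my own.

```python
import ipaddress
import re

# Constructed sample input (not taken verbatim from any config file): the two
# rules quoted in the mail as written, then the same rules with the /24 mask
# that matches a 192.168.1.* LAN.  ipnat rule files allow '#' comments.
POSTED_RULES = """\
map xl1 192.168.1.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map xl1 192.168.1.0/16 -> 0.0.0.0/32
"""

CORRECTED_RULES = """\
# 192.168.1.0/24 LAN behind xl1; 0.0.0.0/32 means "use the address of xl1"
map xl1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map xl1 192.168.1.0/24 -> 0.0.0.0/32
"""

# Only the "map ifname src -> dst [portmap proto lo:hi]" form is handled here;
# rdr, bimap and the other ipnat rule types are out of scope for this check.
RULE_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s*->\s*(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<proto>[a-z/]+)\s+(?P<lo>\d+):(?P<hi>\d+))?$"
)


def parse_rules(text):
    """Parse map rules into dicts, keeping both the prefix as written and the
    network ipnat will actually match once the mask has been applied."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unsupported or malformed rule: {line}")
        written = m.group("src")
        # strict=False does what the kernel does: mask off the host bits, so
        # 192.168.1.0/16 becomes 192.168.0.0/16
        effective = ipaddress.ip_network(written, strict=False)
        portmap = None
        if m.group("proto"):
            portmap = (m.group("proto"), int(m.group("lo")), int(m.group("hi")))
        rules.append({
            "line": lineno,
            "ifname": m.group("ifname"),
            "written_src": written,
            "src": effective,
            "dst": m.group("dst"),
            "portmap": portmap,
        })
    return rules


def lint_rules(rules, lan):
    """Warnings for a rule set that is meant to translate exactly the LAN prefix."""
    lan_net = ipaddress.ip_network(lan)
    warnings = []
    for r in rules:
        if str(r["src"]) != r["written_src"]:
            warnings.append(
                f"line {r['line']}: {r['written_src']} has host bits set; "
                f"ipnat will match {r['src']}"
            )
        if r["src"] != lan_net and lan_net.subnet_of(r["src"]):
            warnings.append(
                f"line {r['line']}: {r['src']} is wider than the LAN {lan_net}; "
                f"other addresses in it would be translated as well"
            )
        if r["portmap"] is not None:
            _, lo, hi = r["portmap"]
            if not 1 <= lo < hi <= 65535:
                warnings.append(f"line {r['line']}: bad portmap range {lo}:{hi}")
    return warnings


def matching_rule(rules, src_ip, proto):
    """Line number of the first rule a packet from src_ip with protocol proto
    would hit, or None.  First match wins, which is why the portmap rule is
    listed first and the plain map rule then catches ICMP and anything else."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if addr not in r["src"]:
            continue
        if r["portmap"] is not None and proto not in r["portmap"][0].split("/"):
            continue
        return r["line"]
    return None


if __name__ == "__main__":
    for name, text in (("posted", POSTED_RULES), ("corrected", CORRECTED_RULES)):
        rules = parse_rules(text)
        print(f"{name}: {len(rules)} rules")
        for w in lint_rules(rules, "192.168.1.0/24"):
            print("  warning:", w)
        for host, proto in (("192.168.1.50", "tcp"), ("192.168.5.7", "udp")):
            print(f"  {host}/{proto} -> rule line {matching_rule(rules, host, proto)}")
```

Run as a script it prints four warnings for the posted rules (host bits set, and a /16 that is wider than the 192.168.1.0/24 LAN, once per rule) and none for the corrected ones; it also shows that with the /16 a host such as 192.168.5.7 would be translated, while with the /24 it is left alone.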

On Wed, 29 Mar 2000, Richard Martin wrote:

> 
> 
> Achim Patzner wrote:
> > 
> > On Wed, Mar 29, 2000 at 08:27:56AM -0600, Richard Martin wrote:
> > > I am using F'BSD 3.4-STABLE as a firewall and NATD to masquerade an internal
> > [...]
> > > Have I overlooked something?
> > 
> > Yes: Adding the config files to get a reasonable answer from us.
> 
> Whoops, I thought I pasted that in.  Here is the network portion:
> 
> hostname="horizon.formed.net"
> network_interfaces="vx0 xl0 lo0"
> ifconfig_vx0="inet 192.168.0.1  netmask 255.255.255.0"
> ifconfig_xl0="inet 216.80.68.30  netmask 255.255.255.128"
> defaultrouter="216.80.68.1"
> gateway_enable="YES"
> 
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="custom"
> 
> natd_enable="YES"
> natd_interface="xl0"
> 
> named_enable="YES"
> portmap_enable="NO"
> nfs_client_enable="NO"
> nfs_server_enable="NO"
>  <snip> 
> 
> thanks for your help
> 
> -- 
> Richard Martin       dmartin@origen.com
> 
> OriGen, inc.         Tel: +1 512 474 7278
> 2525 Hartford Rd.    Fax: +1 512 708 8522
> Austin, TX 78703     http://www.formed.net
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
> 


