Date:      Mon, 03 Aug 1998 03:15:45 +0300
From:      Evren Yurtesen <yurtesen@turkey.ispro.net.tr>
To:        Mike Reeh <michaelr@ss454.dyn.ml.org>
Cc:        "David W. Curry" <david@magickalhome.com>, FreeBSD Questions <freeBSD-questions@FreeBSD.ORG>
Subject:   Re: I am running out of hope for hatd or any proxy at that!
Message-ID:  <35C50131.4067114C@turkey.ispro.net.tr>
References:  <Pine.BSF.3.96.980802105104.1224A-100000@ss454.dyn.ml.org>

hello
actually you do not need to use natd with ppp!
there is a much easier way to do ip masquerading!
here is an excerpt from
man ppp

     Supports packet aliasing.  Packet aliasing (a.k.a. IP masquerading) al-
     lows computers on a private, unregistered network to access the Internet.
     The PPP host acts as a masquerading gateway.  IP addresses as well as TCP
     and UDP port numbers are aliased for outgoing packets and de-aliased for
     returning packets.

also near the end of the man page

PACKET ALIASING
     The -alias command line option enables packet aliasing.  This allows the
     ppp host to act as a masquerading gateway for other computers over a lo-
     cal area network.  Outgoing IP packets are aliased so that they appear to
     come from the ppp host, and incoming packets are de-aliased so that they
     are routed to the correct machine on the local area network.  Packet
     aliasing allows computers on private, unregistered subnets to have Inter-
     net access, although they are invisible from the outside world.  In gen-
     eral, correct ppp operation should first be verified with packet aliasing
     disabled.  Then, the -alias option should be switched on, and network ap-
     plications (web browser, telnet(1),  ftp(1),  ping(8),  traceroute(8))
     should be checked on the ppp host.  Finally, the same or similar applica-
     tions should be checked on other computers in the LAN.  If network appli-
     cations work correctly on the ppp host, but not on other machines in the
     LAN, then the masquerading software is working properly, but the host is
     either not forwarding or possibly receiving IP packets.  Check that IP
     forwarding is enabled in /etc/rc.conf and that other machines have desig-
     nated the ppp host as the gateway for the LAN.


Mike Reeh wrote:

> This is what I've done to setup natd on my lan to allow the internal
> machines see the rest of the internet, several times successfully.. i'll
> try to remember everything.
>
> First things first, build your kernel with:
>
> options         IPFIREWALL
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> options         IPDIVERT
>
> now, default to accept isnt necessary but i'd use it just to be safe....
> after you build your kernel, do a quick edit of your /etc/rc.conf and
> change these values:
>
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"
> gateway_enable="YES"
>
> firewall_type is now pointing to another file named /etc/rc.firewall which
> is something i made up so dont expect to figure that one out.. now what
> you need to do is open an editor (vi, ee, joe, pico, etc) on your
> /etc/rc.firewall file (will be a new file) and enter these lines, which i
> happened to have taken directly from the natd man page, but work
> perfectly:
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via ppp0
> /sbin/ipfw add pass all from any to any
>
> ppp0 is what you need to change to your public network interface.. for me,
> i unfortunately dont have ether to the internet, i have a lousy dialup ppp
> connection, but it works.. if you have ethernet, use the interface (i.e.
> de0, ed0, etc) that actually talks to the internet.
>
> now you need to edit your /etc/services file.... you need to add a
> separate line with this in it:
>
> natd            8668/divert #NATD
>
> next is for your natd rules.... for this i used a file called
> /etc/natd.conf in which i have the following lines:
>
> use_sockets
> same_ports
> interface ppp0
>
> again, use the same interface that you did with your /etc/rc.firewall (its
> the PUBLIC network interface)
>
> ok now we're getting close... what i did then was edit my /etc/rc.local to
> start up natd automagically... i did it by modifying the "starting local
> daemons" part.. i dont remember exactly what it looked like before but
> this is what it looks like now:
>
> echo -n 'starting local daemons:'
> echo -n ' natd' ; /usr/sbin/natd -f /etc/natd.conf
>
> as you can see it starts natd with the options file (-f) /etc/natd.conf .
> If all goes well it should fork :) and not leave you hanging. if it does
> just ^C it on bootup but you shouldnt have to worry about that..
>
> with all this information, im making a huge assumption that you have your
> ifconfig's all setup w/ the right netmask, and ip address' and whatnot.
>
> the only other thing that i did was make the gateway on the local machines
> the same as the IP# of the natd machine..
>
> one last quick reboot w/ your new kernel and all your new settings, and
> you should be good to go.. also dont forget to set the DNS ip's on the
> local machines to whatever your natd machine uses...
>
> good luck and let me know if it worked :) if it did i'll show you some
> other settings i use to let me telnet into the local machines on special
> ports from the internet, etc....
>
> Mike Reeh
> michaelr@ss454.dyn.ml.org
> breadfan
>
>  On Sat, 1 Aug 1998, David W. Curry wrote:
>
> > Well, I'm on day 5 now of trying to configure natd as a proxy server for my LAN.  I guess I just need step-by-step instruction because I have read every man file and web page on it I can find.  Maybe I am just slow :)
> >
> > Anyway, I have a BSD Unix Box that I use to dial-up to my ISP (primenet).  I dial directly into my unix shell account.  My Win95 box is on a network (192.168.200.2) with my BSD Box.  I can telnet and ping to the Unix box NP.  I want to set up BSD as a proxy for my 95 Machine.  Can anyone maybe ask me some specific questions about my systems and tell me how to set up my client and server?
> >
> > Any help would be appreciated.
> >
> > Thank you,
> >
> > Dave
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
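
Added example, not part of the original messages and not ppp, natd or libalias code: a toy Python model of the packet aliasing described in the man page excerpt, including the same_ports behaviour named in the quoted natd.conf. The gateway address, the second LAN host, the remote addresses and the fallback port range are constructed, and the table is simplified to match returning packets on the aliased port only.

```python
# Toy model of packet aliasing (IP masquerading); illustrative only.
from dataclasses import dataclass, field

GATEWAY_IP = "203.0.113.1"   # constructed public address of the ppp host

@dataclass
class AliasTable:
    same_ports: bool = True                      # mirrors natd.conf "same_ports"
    next_port: int = 30000                       # assumed fallback port range
    out_map: dict = field(default_factory=dict)  # (proto, lan_ip, lan_port) -> alias port
    in_map: dict = field(default_factory=dict)   # (proto, alias_port) -> (lan_ip, lan_port)

    def _pick_port(self, proto, wanted):
        # Keep the original source port when it is free, otherwise allocate one.
        if self.same_ports and (proto, wanted) not in self.in_map:
            return wanted
        while (proto, self.next_port) in self.in_map:
            self.next_port += 1
        return self.next_port

    def alias_out(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing LAN packet so it appears to come from the gateway."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            port = self._pick_port(proto, src_port)
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return (proto, GATEWAY_IP, self.out_map[key], dst_ip, dst_port)

    def dealias_in(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Route a returning packet to its LAN host, or None if nothing maps to it."""
        target = self.in_map.get((proto, dst_port))
        if dst_ip != GATEWAY_IP or target is None:
            return None   # unsolicited: LAN hosts are invisible from outside
        return (proto, src_ip, src_port, target[0], target[1])

def demo():
    t = AliasTable()
    web = ("198.51.100.80", 80)   # constructed remote server
    a = t.alias_out("tcp", "192.168.200.2", 1025, *web)
    b = t.alias_out("tcp", "192.168.200.3", 1025, *web)   # same source port, second host
    reply = t.dealias_in("tcp", *web, GATEWAY_IP, b[2])
    probe = t.dealias_in("tcp", "198.51.100.99", 4444, GATEWAY_IP, 23)
    return a, b, reply, probe

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last case in demo() is the security-relevant one: an inbound packet with no table entry has nowhere to go, which is what the man page means by LAN hosts being invisible from the outside world.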






