Date: Sat, 14 Aug 2004 23:48:48 -0400 From: "Hakim Z. Singhji" <hakim.singhji@earthlink.net> To: freebsd-questions@freebsd.org, Bill Moran <wmoran@potentialtech.com> Subject: NAT / ipfw / GW - FreeBSD 4.10 to Linux Private Network??? Message-ID: <411EDD20.6090305@earthlink.net>
next in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms030202070204090106060201 Content-Type: multipart/mixed; boundary="------------070103040401080707030108" This is a multi-part message in MIME format. --------------070103040401080707030108 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hello All, So with the help of all of you I have configure my FreeBSD 4.10 gateway. I am able to ping, tracerout, ssh and call webpages with a fully functioning DHCP client. I thank all of you from the bottom of my heart, those of you that helped me out... its been hardwork and late nights (or early mornings) building these computers from scratch and then introducing them with Linux and FreeBSD OS's which I have only a combined year of experience. With that said I have come to the final component of my network... the NAT component. I was trying to play around with it until I found out that I really didn't know what I was doing... so here I am again. I'm trying to configure one box through NAT via my FreeBSD gateway. I figure after I do it once I'll be able to tweak it for the rest of my machines. This is my set up [internet] --------------------- [firewall/gateway] -- [ linux box ] 24.199.105.0 --> 192.168.1.1 -> 192.168.1.3 ( dc0 ) ( txp0 ) ( eth0 ) I'm trying to get internet connection for my linux box, and I also want all pop3, smtp and http passed to my linux box as well. The freebsd box is setup to be headless once I get this configured properly. In addition I would like SSH2 to be able to tunnel from box to box as well as SSH2 outside my network with my Linux box. I have attached my config files for ipfw.rules, rc.conf, and natd.conf however natd.conf is where I am "lost" I don't exactly know the rules for natd.conf. I reviewed my resources: "The Complete FreeBSD" by Greg Lehey and "Absolute BSD" by Michael Lucas however there was not much on the actual syntax. If someone could help me in these areas it would be greatly appreciated. Thanks in advance... Hakim Z. Singhji New York University 1st year Information Systems Management Student --------------070103040401080707030108 Content-Type: text/plain; name="freebsd_rc.conf.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="freebsd_rc.conf.txt" ############################### # RC.CONF FILE ############################### ############ Network ########## gateway_enable="YES" network_interfaces="dc0 txp0 txp1" hostname="redgate.ath.cx" ifconfig_dc0="DHCP" ifconfig_txp0="inet 192.168.1.1/24" ifconfig_txp1="inet 192.168.1.2/24" natd_enable="dc0" natd_flags="-s -u -f /etc/natd.conf" ############# IPFW ############ firewall_enable="YES" firewall_script="/etc/rc.firewall" firewall_type="/etc/ipfw.rules" firewall_quiet="NO" firewall_logging_enable="YES" ## Extra Firewalling Options ## log_in_vain="YES" tcp_drop_synfin="NO" tcp_restrict_rst="YES" icmp_drop_redirect="YES" ######## MISC RC Rules ######### ... --------------070103040401080707030108 Content-Type: text/plain; name="ipfw_rules.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ipfw_rules.txt" ################################ # IPFW.RULES ################################ add 00100 allow ip from any to any via lo0 add 00101 deny ip from any to 127.0.0.0/8 # from man ipfw: allow only tcp connections I've created add 00300 check-state add 00301 deny tcp from any to any in established add 00302 allow tcp from any to any out setup keep-state # allow DNS/UDP Packets add 00400 allow udp from 207.69.188.185 53 to any in recv dc0 add 00401 allow udp from 207.69.188.186 53 to any in recv dc0 add 00402 allow udp from 207.69.188.187 53 to any in recv dc0 add 00403 allow udp from any to any out # allow DHCP add 00500 allow udp from any 68 to 24.29.99.105. 67 out via dc0 add 00501 allow udp from 24.29.99.105 67 to any 68 in via dc0 # uncomment rules 00502 and 00503 if ISP's DHCP server has problems #add 00502 allow udp from any 68 to 255.255.255.255 67 out via dc0 #add 00503 allow udp from any 67 to 255.255.255.255 68 in via dc0 #allow some icmp types (codes not supported) add 00600 allow icmp from any to any icmptypes 3 #allow source quench in and out add 00601 allow icmp from any to any icmptypes 4 #allow me to ping out and receive response back add 00602 allow icmp from any to any icmp types 8 out add 00603 allow icmp from any to any icmptypes 0 in #allow me to run traceroute add 00604 allow icmp from any to any icmptypes 11 in --------------070103040401080707030108 Content-Type: text/plain; name="nat.conf.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="nat.conf.txt" ################################## # NAT.CONF ################################## # I'm not at all sure if this is ok for "diverting" these packets # to my private network machines ip and port numbers??? redirect_port tcp 192.168.1.3:110 110 #pop3 redirect_port udp 192.168.1.3:110 110 #pop3 redirect_port tcp 192.168.1.3:25 25 #smtp redirect_port udp 192.168.1.3:25 25 #smtp redirect_port tcp 192.168.1.3:80 80 #http redirect_port udp 192.168.1.3:80 80 #http --------------070103040401080707030108-- --------------ms030202070204090106060201 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJQzCC AvwwggJloAMCAQICAwy3+jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNzIwMDQzNzI5WhcNMDUwNzIwMDQzNzI5 WjBmMRAwDgYDVQQEEwdTaW5naGppMQ4wDAYDVQQqEwVIYWtpbTEWMBQGA1UEAxMNSGFraW0g U2luZ2hqaTEqMCgGCSqGSIb3DQEJARYbSEFLSU0uU0lOR0hKSUBFQVJUSExJTksuTkVUMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUTeR/QpDdsw+moCLYMMcdlPychYSTlS iSyHfT3WQjvd2Bv0zFAaZoexll3Ml074YKvy/pLocnU3q07KaBnBdrbn6voqtEK6CaPYRwSg 9vjifE2UPm7bhNaqZ8vYno+bcHeG1XxrrmE3qc84rryC2LkQWdNDi63UeMP7vYJV0k6w+vEj w0kytOUoMen5hH7NwTR+4AMUedJ7dIUbKrpDlaPgvUTJOYye9l1QVGpL5+ZNtXzuCv/jR5Wl XvdRj2oCHK7L5MPe7Q2eqrvM0JivKGh7przQyirPSA3SNdqNx9gVt5+JyVR9dMj3KMpmdWdM J1iTemuKolFxhOlQOtmRawIDAQABozgwNjAmBgNVHREEHzAdgRtIQUtJTS5TSU5HSEpJQEVB UlRITElOSy5ORVQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCFSpTAHGfH1Uej 0PdNtj5O8ZA/Iphf/YBrXiqFmhh+4+FqY46oWdpiBNtAWIisq3AXzpMwCZZYCqn+5Fqen035 amiUi5Q7K+xW0gG5EX+QWdbWPSEzTzL5WJ7N80Gee0WEcf3y7j2iipn7uegA/G5tmtQa7aAm cKoboChJcD8gXTCCAvwwggJloAMCAQICAwy3+jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQG EwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMj VGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNzIwMDQzNzI5WhcN MDUwNzIwMDQzNzI5WjBmMRAwDgYDVQQEEwdTaW5naGppMQ4wDAYDVQQqEwVIYWtpbTEWMBQG A1UEAxMNSGFraW0gU2luZ2hqaTEqMCgGCSqGSIb3DQEJARYbSEFLSU0uU0lOR0hKSUBFQVJU SExJTksuTkVUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUTeR/QpDdsw+moC LYMMcdlPychYSTlSiSyHfT3WQjvd2Bv0zFAaZoexll3Ml074YKvy/pLocnU3q07KaBnBdrbn 6voqtEK6CaPYRwSg9vjifE2UPm7bhNaqZ8vYno+bcHeG1XxrrmE3qc84rryC2LkQWdNDi63U eMP7vYJV0k6w+vEjw0kytOUoMen5hH7NwTR+4AMUedJ7dIUbKrpDlaPgvUTJOYye9l1QVGpL 5+ZNtXzuCv/jR5WlXvdRj2oCHK7L5MPe7Q2eqrvM0JivKGh7przQyirPSA3SNdqNx9gVt5+J yVR9dMj3KMpmdWdMJ1iTemuKolFxhOlQOtmRawIDAQABozgwNjAmBgNVHREEHzAdgRtIQUtJ TS5TSU5HSEpJQEVBUlRITElOSy5ORVQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOB gQCFSpTAHGfH1Uej0PdNtj5O8ZA/Iphf/YBrXiqFmhh+4+FqY46oWdpiBNtAWIisq3AXzpMw CZZYCqn+5Fqen035amiUi5Q7K+xW0gG5EX+QWdbWPSEzTzL5WJ7N80Gee0WEcf3y7j2iipn7 uegA/G5tmtQa7aAmcKoboChJcD8gXTCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAw gdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg VG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0w MzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwg RnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV +065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfAr hVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/ p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8 MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWls Q0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxh YmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/ TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amc OY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggM7MIID NwIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5 KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQID DLf6MAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN AQkFMQ8XDTA0MDgxNTAzNDg0OFowIwYJKoZIhvcNAQkEMRYEFDn+Vttu/S0kmYPM7kpaY9AH 6uDAMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqG SIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMHgGCSsGAQQBgjcQBDFrMGkwYjEL MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMMt/owegYLKoZI hvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGlu ZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWlu ZyBDQQIDDLf6MA0GCSqGSIb3DQEBAQUABIIBABvWtFnPld5cohWZ9xYArUGAoXiBRMGbjQI8 p8IvMlZUXQttl7n9eca97hSWd5pygGK5BQzBbkOKr21ID9mENZN4HMqJp/GRJGrZxVpYlop9 iFYXZmyuqVo0lENKBfLPTvuCLuarhn+/XQMv18UVoZ8Nt6eOxLWJI2n2EE5td0a3zq6V+AXn m+9LsfllA3o5kH2ZeQrzvXRX85qOS1cL14QOQ4jQ1knpljuGwuSrdn+b1pEnt1cR50HSpKSP NqZOq1ayOBCq0q69J+F1+bAAaighTN8eqiC7jX8DD2hxCmyIqOF4BxxtWjN4CSFbZYvz52LP v2dixLXHaxaAEUh8k9kAAAAAAAA= --------------ms030202070204090106060201--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411EDD20.6090305>