Date: Sun, 25 Mar 2001 21:51:02 -0800
From: Robin Lo <asailcat@yahoo.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Reply NAT questions, sorry attached are my rc.conf file and ipnat.rules file
Message-ID: <5.0.2.1.0.20010325214801.00a45ec0@pop.mail.yahoo.com>
[-- Attachment #1 --]

>Please read through the message. Any suggestions would be much
>appreciated....Thanks
>
>Personally, I generally use the kernel ipfilter interface that installs
>with FreeBSD and I'm not terribly familiar with the ipnat system.
>
>-Bill
>
>Robin Lo wrote:
> >
> > Thanks Bill for the quick response. Your reply solves the problem with the
> > messages being displayed; however, I am still unable to get to the internet
> > with my internal boxes. I can't surf the internet when I configure an
> > internal client with e.g. 10.0.0.1/8 and with a subnet mask of
> > 255.0.0.0. Please take a look at my conf files.
> >
> > ***Attached are my rc.conf and ipnat.rules files. Please take a look and
> > let me know what you find. Thanks for your help. Robin
> >
> > Port 138 is netbios stuff. Typical Micros~1 broadcast traffic. The
> > solution is to remove all the Windows-based machines from your network.
> > Barring that, I'd program your NAT box with a firewall that rejects or
> > drops those packets. Or you could just ignore it or program ipnat not to
> > complain about it. It's probably just the Micros~1 machines making sure
> > everyone else on the network knows they're there every 15 seconds or
> > whatever the default interval is. I believe on some of the Micros~1
> > boxes you can turn off "lanmanager announcements" or other such broadcast
> > options to reduce this traffic.
> >
> > -Bill
> >
> > Robin Lo wrote:
> > >
> > > Hello,
> > >
> > > I have set up FreeBSD 4.2 to be used for NAT. I have 2 NIC cards
> > > configured for the network. The internal network is configured
> > > with 10.0.0.0/8, and the second NIC with its ISP default settings.
> > > The external NIC has been tested. I am able to ping to the outside
> > > world. I support an internal network with an NT2000 Server used for
> > > DNS, DHCP, and Active Directory services supporting several Windows
> > > /Pro/NT40/ and 98 clients. When running the NAT box I get
> > > these messages that appear across the screen. It occurs while
> > > working in vi or any other programs.
> > >
> > > March 24 03:36:39 firewall /kernel: Connection attempt to UDP
> > > 64.160.131.xx9:138 from 64.160.131.xx8:138
> > >
> > > March 24 03:36:39 firewall /kernel: Connection attempt to UDP
> > > 10.255.255.255:138 from 10.10.1.1:138
> > >
> > > March 24 03:36:39 firewall /kernel: Connection attempt to UDP
> > > 10.255.255.255:138 from 10.10.1.3:138
> > >
> > > March 24 03:58:38 firewall last message repeated 2 times
> >
> > ------------------------------------------------------------------------
> > Name: rc.conf.new
> > Type: unspecified type (application/octet-stream)
> > Encoding: base64
> >
> > Name: ipnat.rules
> > Type: unspecified type (application/octet-stream)
> > Encoding: base64

[-- Attachment #2: rc.conf.new --]

#Startup scripts
local_startup="/usr/local/etc/rc.d"

#Basic network options
hostname="firewall.usasportspick"
network_interfaces="lo0 xl0 xl1"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_xl0="inet 64.160.131.xx7 netmask 255.255.255.xx"
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
defaultrouter="64.160.131.xxx"

#Firewall/security options
ipfilter_enable="YES"
#ipfilter_program="/sbin/ipf -Fa -f"    # Purge ipf and make all install clean
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_flags="-D /var/log/ipflog"
log_in_vain="YES"
tcp_drop_synfin="YES"
tcp_restrict_rst="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"

#Network daemon options
#sshd_enable="NO"                       # Local console access
#sshd_program="/usr/sbin/sshd"
#sshd_flags=""

#Network routing options
static_routes="0 1 2 3"
route_0="-net 10.0.0.2 -netmask 255.255.255.0 -interface 64.160.131.xx7"
route_1="-net 10.0.0.3 -netmask 255.255.255.0 -interface 64.160.131.xx7"
route_2="-net 10.0.0.4 -netmask 255.255.255.0 -interface 64.160.131.xx7"
route_3="-net 10.0.0.5 -netmask 255.255.255.0 -interface 64.160.131.xx7"
#route_0="-net 10.160.0.0 10.0.1.10 -netmask 255.255.0.0"
#route_1="-net 10.161.0.0 10.0.1.10 -netmask 255.255.0.0"
#route_2="-net 10.162.0.0 10.0.1.10 -netmask 255.255.0.0"
#route_2="-net 10.162.0.0 10.0.1.10 -netmask 255.255.0.0"
#route_00=" -net 16.64.0.0 -interface 64.160.131.xx7"
#route_16=" -net 16.64.16.0 -interface 64.160.131.xx7"
#route_32=" -net 16.64.32.0 -interface 64.160.131.xx7"
gateway_enable="YES"
#router_enable="NO"                     # Set to YES to enable a routing daemon
#router="routed"                        # Name of routing daemon to use if enabled
#router_flags="-q"                      # Flags for routing daemon
#forward_sourceroute="NO"               # Do source routing (only if gateway_enable is set to "YES")
#accept_sourceroute="NO"                # Accept source routed packets to us

#System console options
saver="yes"
saver="fire"
blanktime="200"

#Miscellaneous administrative options
cron_enable="NO"
# sendmail_enable="NO"
kern_securelevel_enable="YES"
kern_securelevel="2"
#accounting_enable="NO"                 # Accounting?
#linux_enable="NO"                      # Tripwire?
#svr4_enable"NO"                        # Practice SRV4 commands

[-- Attachment #3: ipnat.rules --]

map xl0 10.0.0.0/8 -> 64.160.131.xx7/32 portmap tcp/udp 10000:65000
map xl0 10.0.0.0/8 -> 64.160.131.xx7/32
#rdr xl0 64.160.131.xx7/32 port 80 -> 10.0.0.1 port 80 tcp
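A small classifier for the kernel "Connection attempt" lines that log_in_vain produces, added here as an example and not part of the thread: it separates the NetBIOS broadcast chatter Bill describes (LAN hosts sending to the 10.255.255.255 directed broadcast on port 138) from other unsolicited attempts, and folds syslog's "last message repeated N times" lines into the preceding count. It assumes the 10.0.0.0/8 LAN from the posted rc.conf, and uses documentation addresses (192.0.2.x, 198.51.100.x) in place of the poster's masked ISP addresses.

```python
import re
from ipaddress import ip_address, ip_network

# Assumed for this example: LAN is 10.0.0.0/8 as in the posted rc.conf; 137-139 are the NetBIOS ports.
INTERNAL_NET = ip_network("10.0.0.0/8")
NETBIOS_PORTS = {137, 138, 139}
BROADCASTS = (INTERNAL_NET.broadcast_address, ip_address("255.255.255.255"))

STAMP = r"^\S+ \d+ \d\d:\d\d:\d\d \S+ "          # "March 24 03:36:39 firewall "
ATTEMPT_RE = re.compile(STAMP + r"/kernel: Connection attempt to (?P<proto>TCP|UDP) "
                        r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)$")
REPEAT_RE = re.compile(STAMP + r"last message repeated (?P<n>\d+) times$")

def classify(line):
    """Categorise one log_in_vain line; None if it is not a connection-attempt line."""
    m = ATTEMPT_RE.match(line)
    if not m:
        return None
    src, dst, dport = ip_address(m["src"]), ip_address(m["dst"]), int(m["dport"])
    if dport in NETBIOS_PORTS:
        # Windows hosts announce themselves to the subnet's directed broadcast
        # (10.255.255.255 for a /8) or to 255.255.255.255: expected LAN noise.
        if src in INTERNAL_NET and dst in BROADCASTS:
            return "netbios-lan-broadcast"
        return "netbios-other"          # e.g. a neighbour on the ISP segment
    return "internal-other" if src in INTERNAL_NET else "external-other"

def summarize(lines):
    """Count attempts per category, folding syslog's 'last message repeated N times'."""
    counts, prev = {}, None
    for line in lines:
        rep = REPEAT_RE.match(line)
        if rep and prev:
            counts[prev] += int(rep["n"])
            continue
        cat = classify(line)
        if cat:
            counts[cat] = counts.get(cat, 0) + 1
            prev = cat
    return counts

# Constructed sample in the thread's log format; 192.0.2.x and 198.51.100.x are
# documentation addresses standing in for the poster's masked ISP addresses.
SAMPLE_LOG = """\
March 24 03:36:39 firewall /kernel: Connection attempt to UDP 192.0.2.9:138 from 192.0.2.8:138
March 24 03:36:39 firewall /kernel: Connection attempt to UDP 10.255.255.255:138 from 10.10.1.1:138
March 24 03:36:39 firewall /kernel: Connection attempt to UDP 10.255.255.255:138 from 10.10.1.3:138
March 24 03:58:38 firewall last message repeated 2 times
March 24 04:01:02 firewall /kernel: Connection attempt to TCP 192.0.2.7:22 from 198.51.100.77:40000
""".splitlines()
```

Running summarize(SAMPLE_LOG) on the sample above yields four LAN broadcast hits (two lines plus the "repeated 2 times" fold), one NetBIOS attempt from outside the LAN, and one non-NetBIOS attempt from outside.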
