Setting up a NAT without a firewall
Andras Kende
andras at kende.com
Sat May 1 11:13:21 PDT 2004
-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Paul Hoffman
Sent: Saturday, May 01, 2004 11:26 AM
To: freebsd-questions at FreeBSD.ORG
Subject: Setting up a NAT without a firewall
Greetings again. Many folks here helped me last year with my travails
of setting up a FreeBSD 4.8 box as a NAT. I'm trying to reproduce
that on a different box, and failing. My biggest problem seems to be
the firewall, which I don't care about. That is, I just want a NAT: I
don't care about blocking anything incoming or outgoing.
1) Are there directions somewhere for setting up a 4.x box as a NAT
without needing to do all the firewall stuff?
2) Is this easier in 5.x? I can re-gen the box to 5.1.2 if that would
be easier.
Something like this would work:

Create a new kernel with config:

    options IPFIREWALL
    options IPFIREWALL_FORWARD
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100
    options IPDIVERT

/etc/rc.conf:

    defaultrouter="123.123.123.123"
    gateway_enable="YES"
    natd_enable=yes
    natd_interface=fxp0
    natd_flags="-f /etc/rc.natd"
    firewall_enable=YES
    firewall_type="OPEN"
    ifconfig_fxp0="inet 123.123.123.123 netmask 255.255.255.0"
    ifconfig_fxp1="inet 192.168.1.2 netmask 255.255.255.0"

Open firewall is needed to do the divert:

    case ${firewall_type} in
    [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
        case ${natd_enable} in
        [Yy][Ee][Ss])
            if [ -n "${natd_interface}" ]; then
                ${fwcmd} add 50 divert natd all from any to any via any
            fi
            ;;
        esac
    esac

Best regards,
Andras Kende
http://www.kende.com
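
Added example, not part of the original thread: a POSIX sh preflight check that reads an rc.conf and reports which of the settings listed in the reply are missing before natd is relied on. The function names `check_nat_rc` and `write_sample_rc` are made up for this example, and the sample file is constructed from the reply's own lines.

```shell
#!/bin/sh
# Added example (not from the original thread): preflight check for the
# rc.conf settings listed in the reply above.
# check_nat_rc FILE prints one line per problem; exit status = problem count.
check_nat_rc() (
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; exit 99; }
    unset gateway_enable natd_enable natd_interface firewall_enable firewall_type
    # rc.conf is plain sh assignments; source it inside this subshell so
    # nothing leaks into the caller. Only do this with a root-owned file.
    case "$1" in */*) . "$1" ;; *) . "./$1" ;; esac
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; esac; return 1; }

    is_yes "${gateway_enable:-}"  || fail "gateway_enable is not YES"
    is_yes "${natd_enable:-}"     || fail "natd_enable is not YES"
    is_yes "${firewall_enable:-}" || fail "firewall_enable is not YES"
    # The snippet quoted in the reply adds the divert rule for these types.
    case "${firewall_type:-}" in
        [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) ;;
        *) fail "firewall_type '${firewall_type:-}' is not OPEN or CLIENT" ;;
    esac
    case "${natd_interface:-}" in
        "") fail "natd_interface is empty, so the divert rule is skipped" ;;
        *[!A-Za-z0-9_]*) ;;   # not an interface name: skip the ifconfig lookup
        *)  eval "ifcfg=\${ifconfig_${natd_interface}:-}"
            [ -n "${ifcfg}" ] || fail "no ifconfig_${natd_interface} entry" ;;
    esac
    exit "${problems}"
)

# Constructed sample: the reply's rc.conf lines, written to a temp file.
write_sample_rc() {
    cat > "$1" <<'EOF'
gateway_enable="YES"
natd_enable=yes
natd_interface=fxp0
firewall_enable=YES
firewall_type="OPEN"
ifconfig_fxp0="inet 123.123.123.123 netmask 255.255.255.0"
EOF
}

demo_rc=$(mktemp)
write_sample_rc "${demo_rc}"
if check_nat_rc "${demo_rc}"; then echo "rc.conf has every setting checked"; fi
rm -f "${demo_rc}"
```

A pass only means the settings are present; with `firewall_type="OPEN"` ipfw is loaded for the divert rule and filters nothing.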