confusion configuring NAT
Robert Huff
roberthuff at rcn.com
Wed Mar 19 13:02:52 PDT 2008
I'm trying to get NAT going, and apparently failing to
understand large parts of the concept.
1) Per the handbook I have added
options IPFIREWALL
options IPDIVERT
to the kernel.
2) The firewall is active, and configured so it works for the
machine itself. (Settings appended.)
3) I need to do translation for all machines on 10.0.0.0/8.
4) Working from the ipfw man page:
ipfw add nat 10 all from any to any
then
ipfw nat 10 config log ip 10.0.0.0/8
Uh-oh:
ipfw: bad ip address ``10.0.0.0/8''
OK, choose one machine.
ipfw nat 10 config log ip 10.0.0.3
Accepted.
5) Now, start natd. (natd.conf appended)
/sbin/natd -l -f /etc/natd.conf
Nope:
natd: instance default: aliasing address not given
Huh? This has gotten a lot more complicated since the last
time. :-P
Robert Huff
#! /bin/sh
IF=em0
OF=em1
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
/bin/sleep 3
# for DHCP
ipfw add 350 allow udp from any 67-68 to any 67-68
# close NetBios to outside contact
/etc/ipfw.netbios.set
# close RPC to outside contact
/etc/ipfw.rpc.set
# no outside SNMP
/etc/ipfw.snmp.set
#
# no IRC
#
/etc/ipfw.irc.set
# established connections are okay.
ipfw add 10000 allow tcp from any to any established
# let all stuff out
ipfw add 10100 allow all from any to any out via $IF
# internal connections are okay (assuming that 10.0.0.0/8 is your
# internal address range)
ipfw add 10200 allow tcp from 10.0.0.0/8 to any 80
# not starting natd here, in case it's already running
# allow anything not previously forbidden
ipfw add 65000 allow ip from any to any
**************** natd.conf ****************
instance 10
interface em0
same_ports yes
log_ipfw_denied yes
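The two errors quoted above come from two different mechanisms: `ipfw nat` is the in-kernel translator (it needs `options IPFIREWALL_NAT` and `options LIBALIAS` in the kernel, and its `config ip` argument is one host address or `if <interface>`, never a network prefix), while natd is the userland daemon fed by a `divert` rule over IPDIVERT. The script below is an added example, not part of the original post or of FreeBSD: two pre-flight checks in plain POSIX sh that reproduce, from strings and files alone, what the two commands rejected, so they run on a box without ipfw or natd loaded. It assumes that natd assigns the options that appear before the first `instance` keyword to its built-in instance named `default`, which is why a natd.conf that opens with `instance 10` leaves the default instance without an aliasing address; the sample configurations inside it are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: two pre-flight checks, in
# plain POSIX sh, for the two errors quoted above.  They only inspect
# strings and files, so they run on a host without ipfw or natd.
#
# Assumptions (not verified against the poster's system):
#  - the in-kernel nat "config ip" argument is one host address
#    (or "if <ifname>"), never a network prefix;
#  - natd assigns options that appear before the first "instance"
#    keyword to its built-in instance named "default".

# nat_alias_ok ADDR: returns 0 if ADDR is a plain dotted-quad host
# address, 1 if it carries a /prefix or is otherwise not IPv4.
nat_alias_ok() {
    addr=$1
    case "$addr" in
        */*|*[!0-9.]*|'') return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# natd_default_instance_ok FILE: returns 0 if the "default" instance in
# a natd.conf receives an "interface" or "alias_address" before any
# "instance" line, 1 otherwise (natd then stops with
# "instance default: aliasing address not given").
natd_default_instance_ok() {
    while read -r key val; do
        case "$key" in
            ''|\#*)                  continue ;;
            instance)                return 1 ;;
            interface|alias_address) [ -n "$val" ] && return 0 ;;
        esac
    done < "$1"
    return 1
}

# Demonstration on constructed inputs: the address forms tried above,
# then the quoted natd.conf, then one that names the interface before
# declaring an instance.
for a in 10.0.0.0/8 10.0.0.3; do
    if nat_alias_ok "$a"; then
        echo "config ip $a: accepted"
    else
        echo "config ip $a: rejected (use one host address or 'if em0')"
    fi
done

sample=$(mktemp)
cat > "$sample" <<'EOF'
instance 10
interface em0
same_ports yes
log_ipfw_denied yes
EOF
if natd_default_instance_ok "$sample"; then
    echo "as posted: default instance has an aliasing address"
else
    echo "as posted: default instance has no interface/alias_address"
fi

cat > "$sample" <<'EOF'
interface em0
same_ports yes
log_ipfw_denied yes
EOF
if natd_default_instance_ok "$sample"; then
    echo "interface first: default instance has an aliasing address"
else
    echo "interface first: default instance has no interface/alias_address"
fi
rm -f "$sample"
```

The checks deliberately stop at what the two error messages report; they do not decide between in-kernel nat and natd for you, and a natd setup still needs a `divert` rule in the ipfw script (the posted one has none) for any packet to reach the daemon.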