natd + ipfw, multiple public address routing...
    Hambalek Regis CH [FAT] 
    regis.hambalek at FARNAIR.com
       
    Fri Feb  6 14:12:25 PST 2004
    
    
  
Dear all, hello!   
As my first post I would like to seek some help :)
I'm currently installing a bsd firewall to replace a cisco router for the
filtering and NAT.
Our network is composed of several server having a public IP each on the
net. 
Ihave managed with natd to make the entries from internet on the machines'
public IP to work, but theses machines cannot access internet. 
Here are my config files:
/etc/rc.conf
defaultrouter="157..x.x.193"
gateway_enable="YES"
hostname="firewall"
ifconfig_rl0="inet 157.xxx.xxx.194 netmask 255.255.xxx.xxx"
ifconfig_xl0="inet 10.1.0.2  netmask 255.255.0.0"
firewall_enable="YES"
firewall_script="/etc/firewall.sh"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
/etc/natd.conf
alias_address 157.x.x.194
same_ports yes
use_sockets yes
redirect_address 10.1.2.2 157.x.x.195
/etc/firewall.sh
ipfw add 100 divert 8668 all from any to any via rl0
ipfw add 110 allow all from any to any via rl0 established
ipfw add 120 allow all from any to any out xmit rl0 setup
ipfw add 130 allow all from 10.1.0.0:255.255.0.0 to any
ipfw add 140 allow all from any to 10.1.0.0:255.255.0.0
ipfw add 150 allow all from any to 10.1.2.2 http https
ipfw add 160 allow all from 10.1.2.2 http https to any
ipfw add 65000 deny all from any to any
A machine with 10.1.0.18 ip address can acces internet with no problem. The
machine 10.1.2.2 can be ping from internet, but cannot access internet.
Knowinf that I have a could of other machine that I'll have to configure a
translation for, can someone say me what to modify to have this working
properly? 
Thanks! :)
    
    
More information about the freebsd-hackers
mailing list