help setting up natd and ipfw on freebsd5.2.1
Christian Hiris
4711 at chello.at
Wed Jun 9 19:26:36 PDT 2004
On Thursday 10 June 2004 03:59, asolomon15 wrote:
> Hello all,
> I tried to setup natd on my fbsd 5.2.1 box and fbsd 4.10 box with no
> luck. What I wanted to do was to setup a gateway for my internal
> network to my cable provider. On my server box I have two ethernet card
> dc0 pointing to cable modem and dc1 pointing to hub so that the other
> computers may connect with my bsd gateway. I managed recompile the
> kernel with options IPFIREWALL and IPDIVERT and kernel compiled
> successfully.
>
> Then I add natd, gateway and firewall to my rc.conf file
> gateway_enable="YES"
> natd_enable="YES'
> natd_interface="dc0"
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall"
You can use the standard firewall script in /etc/rc.firewall as is without
modification, if you change natd_enable="YES' to natd_enable="YES" and
firewall_type="/etc/rc.firewall" to firewall_type="OPEN".
> I wanted to ping an external and internal hosts to see if this
> configuration worked so I really didn't want to have the firewall up
> so I added these 3 lines to my rc.firewall file
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc0
> /sbin/ipfw add pass from any to any
>
> I wasn't able to ping any host inside or outside of my computer. When I
> disabled the ipfw I was able to ping them. Also I wanted to make sure
> if I needed to configure a dns server on my firewall to allow such
> services like http and ftp for internal hosts. I know that there are
> more sophisticated ipfw setups but I wanted to just get the natd setup
> so I could concentrate on the firewall later on.
>
>
> Thanks if you can help
> Antoine W. Solomon
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
--
Christian Hiris <4711 at chello.at> | OpenPGP KeyID 0x941B6B0B
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040610/809c8638/attachment.bin
More information about the freebsd-questions
mailing list