Setting up a NAT without a firewall
Paul Hoffman
phoffman at proper.com
Tue May 4 09:50:10 PDT 2004

Off-list, someone pointed out to me that ipnat is *much* easier to
deal with than IPFIREWALL and all its baggage. No kernel rebuilding,
no juggling with the firewall. Nice. For those of you in the same
situation as me, definitely look into ipnat.

My system gets its external address from my ISP's DHCP server on
interface em0. The machines in my house are connected to a switch
that is attached to interface rl0.

Relevant stuff in /etc/rc.conf:

ifconfig_em0="DHCP"
ifconfig_rl0="inet 10.20.30.1 netmask 255.255.255.0"
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"

Contents of /etc/ipnat.conf:

map em0 10.20.30.0/24 -> 0/32

Two notes not covered in the ipnat man pages:

- The man page doesn't say which interface name you use in the map
statement; it's the external interface.
- If you get your external IP address from DHCP, you can use "0/32"
as the target. This is very handy.

--Paul Hoffman
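
An added example, not part of the message above and not a FreeBSD tool: a small sh lint that checks an rc.conf / ipnat.conf pair against the two notes in the post (the map rule names the external, DHCP-configured interface, and its target is 0/32) and against the three rc.conf knobs the post enables. The helper names rc_get and check_nat, the single-DHCP-interface assumption, and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint an rc.conf / ipnat.conf pair for the ipnat setup in the post.
# rc_get and check_nat are hypothetical helper names, not FreeBSD tools.

# Print the value of an rc.conf variable (last assignment wins), quotes stripped.
rc_get() {  # usage: rc_get FILE VAR
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one line per problem; succeed only if none were found.
check_nat() {  # usage: check_nat RC_CONF IPNAT_CONF
    rc=$1; nat=$2; problems=0
    # The three knobs the post enables.
    for knob in gateway_enable ipfilter_enable ipnat_enable; do
        case $(rc_get "$rc" "$knob") in
            [Yy][Ee][Ss]) ;;
            *) echo "$knob is not YES"; problems=$((problems + 1)) ;;
        esac
    done
    # External interface = the one configured by DHCP (assumption: only one).
    ext=$(sed -n 's/^ifconfig_\([a-z0-9]*\)="DHCP"[[:space:]]*$/\1/p' "$rc" | head -n 1)
    while read -r verb ifname src arrow dst rest; do
        [ "$verb" = map ] || continue          # skip comments and other rule types
        if [ "$ifname" != "$ext" ]; then       # first note: map names the external side
            echo "map on $ifname, but external interface is $ext"
            problems=$((problems + 1))
        fi
        if [ "$dst" != "0/32" ]; then          # second note: 0/32 follows the DHCP lease
            echo "map target $dst is fixed, but $ext gets its address by DHCP"
            problems=$((problems + 1))
        fi
    done < "$nat"
    [ "$problems" -eq 0 ]
}

# Constructed sample input: the post's configuration, then a rule with both mistakes.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'ifconfig_em0="DHCP"' \
        'ifconfig_rl0="inet 10.20.30.1 netmask 255.255.255.0"' \
        'gateway_enable="YES"' 'ipfilter_enable="YES"' 'ipnat_enable="YES"' \
        'ipnat_rules="/etc/ipnat.conf"' > "$dir/rc.conf"
    echo 'map em0 10.20.30.0/24 -> 0/32' > "$dir/good.conf"
    echo 'map rl0 10.20.30.0/24 -> 192.0.2.10/32' > "$dir/bad.conf"
    if check_nat "$dir/rc.conf" "$dir/good.conf"; then echo "good.conf: ok"; fi
    if ! check_nat "$dir/rc.conf" "$dir/bad.conf"; then echo "bad.conf: rejected"; fi
    rm -rf "$dir"
}
demo
```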