NAT, VPN and other SOHO router advice

Nick Stenning nickstenning at
Thu Apr 6 22:12:30 UTC 2006

On 4/6/06, Chuck Swiger <cswiger at> wrote:
> Given what you've said, you should set up the FreeBSD machine as a bridge
> rather than a router.
> It's possible to do other things, such as changing the NAT address range
> used by rl1 and your Vigor 2600, yet also set up NAT on the FreeBSD machine,
> including GRE passthrough and PPTP in /etc/natd.conf, but that would be
> evil, hard to debug, and otherwise tempting the fates.  :-)
> # NATD configuration options
> dynamic yes
> interface rl1
> #log yes
> log_denied yes
> use_sockets yes
> same_ports yes
> unregistered_only yes
> #punch_fw 10000:100
> redirect_proto gre
> redirect_port udp 500
> redirect_port udp 4500
> redirect_port udp 62515
> redirect_port tcp 10000
> redirect_port tcp pptp
> # The above rules allow passthrough for the Cisco VPN software, and should
> also work with SonicWall's VPN client.  OpenVPN uses just a single UDP port,
> and would be very easy to set up on FreeBSD if you liked.
> --
> -Chuck

Thanks to both of you for all your input .. it's a great help!

Chuck -- since you appear to have given me the config options for
something that's "evil, hard to debug, and otherwise tempting the
fates", would you mind explaining how to set up the FBSD box as a

Or perhaps I'm missing something ... is that what that config is for?
