From: "David Burger"
To: "'Tim Pushor'", "'Hugh Blandford'"
Subject: RE: NAT Question
Date: Mon, 22 Mar 1999 10:05:40 -0800

Tim,

Just a suggestion, have you tried adding the following two lines at the beginning of your firewall rules:

    ipfw add allow any from {protected} to any via any
    ipfw add divert 6886 from {NATed} to any via {PubInterface}

I am not an expert, but this should allow open communication from the protected interfaces to the internet without NAT getting in the way. The only thing I can see as a problem is packets coming back to the protected interface. This can easily be handled by additional rules.

Hope this helps,
David

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Tim Pushor
Sent: Tuesday, March 23, 1999 5:51 AM
To: Hugh Blandford
Cc: questions@FreeBSD.ORG
Subject: Re: NAT Question

Well, I have tried that. I did not want to do that initially because I wanted to learn exactly how ipfw and divert worked with NAT, and how I could manipulate firewall ACL's. But after not being able to get this working for a while, I did try -unregistered_only but the effect was that packets from my protected network did not get sent to the 'router or nat machines' default gateway. i.e. I could ping the public side of the router/nat box but could not ping the internet any more (before the nat I could fine).

Think I am doing something wrong?

Thanks for the response,
Tim

-----Original Message-----
From: Hugh Blandford
To: Tim Pushor
Date: Monday, March 22, 1999 12:30 AM
Subject: Re: NAT Question

>Hi Tim,
>
>if your protected network is routable on the internet and you don't want to
>do any NAT then there is a switch you can insert in the config file or at
>runtime:
>
>-unregistered_only or -u
>
>Regards,
>
>Hugh
>
>At 22:51 22/03/99 -0700, you wrote:
>>Hello,
>>
>>I have built a NAT box using ipfw and natd on FreeBSD 2.2.8. I can't seem to
>>accomplish what I am trying to do:
>>
>>I have three interfaces (the IP's have been changed to protect the innocent
>>:)
>>
>>public - 207.122.216.0 255.255.255.128
>>protected - 207.122.216.129 255.255.255.128
>>private - 192.168.1.0 255.255.255.0
>>
>>What I am trying to do is to use the machine as a router between the public
>>and protected interfaces (and default routing out to a router that will
>>forward to the Internet), but NAT the private interface to an IP address on
>>the public side.
>>
>>The NAT works fine.. The problem I am having is that after enabling nat, the
>>protected interface will no longer forward to the Internet.
>>
>>What I am wondering is how I should configure ipfw so that traffic to/from
>>the private network is NATted, and that routing between the public and
>>protected interfaces is unaffected.
>>
>>Can someone help shed some light on this?
>>Many thanks,
>>Tim
>>
>>
>>
>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>with "unsubscribe freebsd-questions" in the body of the message
>>
>>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
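
Added example, not part of any message in this thread: a simplified Python model of ipfw's first-match rule evaluation, comparing David's two suggested rules with a single divert-everything rule on the public interface. The blanket rule is an assumption (Tim's actual ruleset is not shown in the thread), as are the interface name pub0 and the sample host addresses; the subnets are the ones Tim lists.

```python
import ipaddress

# Addressing from the thread; the interface name and sample hosts are constructed.
PROTECTED = ipaddress.ip_network("207.122.216.128/25")
PRIVATE = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
PUB_IF = "pub0"  # hypothetical name standing in for {PubInterface}

# (action, source network, destination network, interface or None for "via any")
BLANKET = [("divert", ANY, ANY, PUB_IF)]        # assumed starting point, not from the thread
SUGGESTED = [("allow", PROTECTED, ANY, None),   # David's first rule
             ("divert", PRIVATE, ANY, PUB_IF)]  # David's second rule

def first_match(rules, src, dst, iface):
    """Return the action of the first rule matching the packet, ipfw-style.

    "fall-through" means none of the listed rules matched, so whatever rules
    come later in the ruleset decide what happens to the packet.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, via in rules:
        if src in src_net and dst in dst_net and via in (None, iface):
            return action
    return "fall-through"

# Constructed sample packets: (label, source, destination, interface)
PACKETS = [
    ("protected host out", "207.122.216.130", "198.51.100.7", PUB_IF),
    ("private host out", "192.168.1.10", "198.51.100.7", PUB_IF),
    ("reply to protected host", "198.51.100.7", "207.122.216.130", PUB_IF),
]

def compare():
    """Map each sample packet to its (blanket, suggested) actions."""
    return {label: (first_match(BLANKET, s, d, i), first_match(SUGGESTED, s, d, i))
            for label, s, d, i in PACKETS}

if __name__ == "__main__":
    for label, (before, after) in compare().items():
        print(f"{label:26} blanket={before:8} suggested={after}")
```

The "fall-through" result for the reply packet is the return-path gap David mentions: neither suggested rule matches traffic coming back, so later rules must handle it.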