From: "James Gill" <gill@topsecret.net>
To: freebsd-questions@FreeBSD.ORG
Subject: pls examine my rc.natd
Date: Tue, 17 Aug 1999 23:03:11 -0400

From what I can deduce from the handbook and from Lehey's book, what I have here should work, but if it did I wouldn't be writing this. If someone would be kind enough to give this a look I'd be very appreciative.

Here's my rc.conf:
=============================================
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.
# revision 19990816 23:33
# revisor gill@topsecret.net

hostname="{kludged_for_paranoia}"
releaseName="{releaseName}"
tcp_extensions="YES"

### FIREWALL AND NATD CONFIG ###
firewall_enable="YES"
firewall_type="open"
natd_program="/sbin/natd"
natd_enable="YES"          # firewall_enable must also be set to yes
                           # and ipdivert must also be in kernel
natd_interface="ed1"
natd_flags="-f /etc/rc.natd"

#named_enable="YES"        # named is already working fine but the command to
                           # start it should be moved here
#named_program="{/path/to/named}"   # default /usr/sbin/named
#named_flags=""

#syslogd_enable="yes"      # i thought the system logger was already working?!

ntpdate_enable="YES"
ntpdate_flags="ncar.ucar.edu"

network_interfaces="ed0 ed1 lo0"
ifconfig_ed0="inet 10.101.101.2 netmask 255.255.255.192"
ifconfig_ed1="inet 10.101.101.129 netmask 255.255.255.192"
defaultrouter="10.101.101.1"
gateway_enable="YES"       # does this still need to be here?

#static_routes="route_int route_ext"   # list of static routes
#route_int="-net 10.101.101.0 10.101.101.129"
#route_ext="-net 10.101.101.128 10.101.101.2"

### CONSOLE ENVIRONMENT CONFIG ###
saver="star"
blanktime="300"
=============================================

Here's my rc.natd:
=============================================
#!/bin/sh
# natd.conf
# configuration file for network address translation program
# version 0.3
# 1999/08/17
# gill@topsecret.net
###################################################################
# specify this file by using the command-line jargon:
# natd -config /etc/natd.conf
###################################################################

# turn on logging, might turn off once the system is running smoothly
# logs to /var/log/alias.log and is truncated each time natd is started
log yes

# deny packets destined for the current IP number
# that have no entry in the internal translation table
#deny_incoming yes

# log denied packets via syslog
log_denied yes

# see syslog.conf(5) for facility names
#log_facility {facility_name}

# from natd manpage: "Allocate a socket(2) in order to establish an
# FTP data or IRC DCC send connection. This option uses more system
# resources, but guarantees successful connections when port numbers conflict."
#use_sockets yes

# from natd manpage: "Try to keep the same port number when altering outgoing
# packets. With this option, protocols such as RPC will have a better chance
# of working. If it is not possible to maintain the port number, it will be
# silently changed as per normal."
#same_ports yes

# FOR DEBUGGING: stay attached to the controlling terminal
# and display all packet output to the stdout
#verbose yes

# Only alter outgoing packets with a 10.0.0.0/8, 172.16.0.0/12, or a
# 192.168.0.0/16 address
#unregistered_only yes

### redirected ports ###
# redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT \
#               [remoteIP[:remotePORT]]
# example: redirect_port tcp inside1:telnet 6666
# means that tcp packets destined for port 6666 on this machine will be sent
# to the telnet port on the inside1 machine
#redirect_port
redirect_port tcp 10.101.101.33:21 21       # ftp
redirect_port tcp 10.101.101.131:23 23      # telnet
redirect_port tcp 10.101.101.33:25 25       # smtp
redirect_port tcp 10.101.101.33:80 80       # www-tcp
redirect_port udp 10.101.101.33:80 80       # www-udp
redirect_port tcp 10.101.101.33:110 110     # pop3-tcp
redirect_port udp 10.101.101.33:110 110     # pop3-udp
#redirect_port tcp 123                      # ntp

# anything below here is commented anyway, snipped for bandwidth...
=============================================
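The rc.natd above is a list of `keyword value` lines with `#` comments, and the redirect_port table is the part that exposes inside hosts to the outside. A small checker that parses that format and reports the things a reviewer would look at (a redirect target that is not on the inside network, the same alias port redirected twice, deny_incoming left off) is shown below as an added example; it is not part of the post or of FreeBSD. It assumes the natd(8) syntax quoted in the post (`redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]`), and the sample configuration and all addresses in it are constructed, not the poster's.

```python
"""Parse an rc.natd-style natd(8) configuration and audit its redirect_port
table.  Added example, not the poster's file: the format assumed is one
"keyword value" per line with '#' comments, as in the post and natd(8)."""
import ipaddress

# Constructed sample in the same format as the post's rc.natd (not a real site).
SAMPLE_NATD_CONF = """\
#!/bin/sh
# constructed sample, not a real site's file
log yes
log_denied yes
#deny_incoming yes
same_ports yes
redirect_port tcp 192.168.1.10:80 80        # www
redirect_port udp 192.168.1.10:80 80        # www over udp as well
redirect_port tcp 192.168.1.12:8080 80      # second forward of tcp/80
redirect_port tcp 192.168.1.10:25 25        # smtp
redirect_port tcp 192.168.1.11:23 23        # telnet
redirect_port tcp 10.9.9.9:22 2222          # target is not on the LAN
"""


def _split_host_port(spec):
    """'1.2.3.4:80' -> ('1.2.3.4', '80'); a bare '80' -> (None, '80')."""
    if ":" in spec:
        host, port = spec.rsplit(":", 1)
        return host, port
    return None, spec


def parse_natd_conf(text):
    """Return (options, redirects): options maps each keyword to its value
    string; redirects holds one dict per redirect_port line."""
    options, redirects = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # natd ignores '#' comments
        if not line:
            continue
        keyword, *args = line.split()
        if keyword != "redirect_port":
            options[keyword] = " ".join(args)
            continue
        if len(args) < 3:
            raise ValueError("line %d: malformed redirect_port" % lineno)
        target_ip, target_port = _split_host_port(args[1])
        alias_ip, alias_port = _split_host_port(args[2])
        if target_ip is None:
            raise ValueError("line %d: redirect_port needs targetIP:targetPORT" % lineno)
        redirects.append({
            "line": lineno, "proto": args[0].lower(),
            "target_ip": target_ip, "target_port": target_port,
            "alias_ip": alias_ip, "alias_port": alias_port,
            "remote": args[3] if len(args) > 3 else None,
        })
    return options, redirects


def audit_redirects(options, redirects, inside_net):
    """Return a list of findings (strings): targets outside inside_net, alias
    ports redirected more than once for one protocol, deny_incoming unset."""
    inside = ipaddress.ip_network(inside_net)
    findings = []
    by_alias = {}
    for r in redirects:
        if ipaddress.ip_address(r["target_ip"]) not in inside:
            findings.append("line %d: target %s is outside %s"
                            % (r["line"], r["target_ip"], inside))
        by_alias.setdefault((r["proto"], r["alias_port"]), []).append(r["line"])
    for (proto, port), lines in sorted(by_alias.items()):
        if len(lines) > 1:
            findings.append("%s/%s is redirected on lines %s" % (proto, port, lines))
    if options.get("deny_incoming", "no").lower() != "yes":
        findings.append("deny_incoming is not set: packets for the aliased address "
                        "with no translation-table entry are passed, not dropped")
    return findings


if __name__ == "__main__":
    opts, reds = parse_natd_conf(SAMPLE_NATD_CONF)
    for finding in audit_redirects(opts, reds, "192.168.1.0/24"):
        print(finding)
```

Run against a real file with `parse_natd_conf(open("/etc/rc.natd").read())` and the inside interface's network; service names such as `telnet` in a port field are kept as strings, so the duplicate check only matches entries written the same way.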