Date: Thu, 6 Apr 2006 23:12:28 +0100 From: "Nick Stenning" <nickstenning@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: NAT, VPN and other SOHO router advice Message-ID: <c7eef7920604061512u5a500244ge239e99bfdc2ca98@mail.gmail.com> In-Reply-To: <44358D8F.5050605@mac.com> References: <c7eef7920604061128j2703048u1fbf229a93758c91@mail.gmail.com> <44358D8F.5050605@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/6/06, Chuck Swiger <cswiger@mac.com> wrote: > > Given what you've said, you should set up the FreeBSD machine as a bridge > rather than a router. > > It's possible to do other things, such as changing the NAT address range > used by rl1 and your Vigor 2600, yet also set up NAT on the FreeBSD machi= ne, > including GRE passthrough and PPTP in /etc/natd.conf, but that would be > evil, hard to debug, and otherwise tempting the fates. :-) > > # NATD configuration options > dynamic yes > interface rl1 > #log yes > log_denied yes > use_sockets yes > same_ports yes > unregistered_only yes > #punch_fw 10000:100 > redirect_proto gre 10.1.1.2 > redirect_port udp 10.1.1.2:500 500 > redirect_port udp 10.1.1.2:4500 4500 > redirect_port udp 10.1.1.2:62515 62515 > redirect_port tcp 10.1.1.2:10000 10000 > redirect_port tcp 10.1.1.2:pptp pptp > > # The above rules allow passthrough for the Cisco VPN software, and shoul= d > also work with SonicWall's VPN client. OpenVPN uses just a single UDP po= rt, > and would be very easy to set up on FreeBSD if you liked. > > -- > -Chuck > Thanks to both of you for all your input .. its a great help! Chuck -- since you appear to have given me the config options for something that's "evil, hard to debug, and otherwise tempting the fates", would you mind explaining how to set up the FBSD box as a bridge? Or perhaps I'm missing something ... is that what that config is for?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c7eef7920604061512u5a500244ge239e99bfdc2ca98>