Date: Wed, 20 Dec 2000 20:04:08 -0600
From: "Robert M. Buckland" <buckland@btl.net>
To: doc@FreeBSD.org
Subject: dialup firewall with FreeBSD
Message-ID: <5.0.0.25.2.20001220200138.00aa92e0@pop3.norton.antivirus>

I'm hoping someone out there can help...

I've set up a FreeBSD 4.1 machine to act as a firewall routing packets between my internal and external network. I followed your dialup firewall tutorial and recompiled my kernel as you suggested, adding the IPFILTER and IPDIVERT options. I then added the firewall and natd options to my rc.conf file.

Upon boot the ipfirewall options and divert are enabled; however, natd reports that it cannot find the tun0 interface - that it is not a valid interface. I do have the -dynamic tag but pppd does not start until much later - I have it in rc.d as "000pppd.sh" but even though it is the first to start there, this still occurs after natd has initialized.

I have tried userppp, which I can get to use nat, but I can't get it to autostart as smoothly as pppd - furthermore, I also would prefer to use the kernel-based firewall as this system will protect a fairly high-profile company.

Is there anything I have missed? I noticed in the man pages for natd they mentioned that it is not for dialup options.

A bit about my network setup: My connection is also a bit strange - rather than a dialup, the connection is a dedicated leased-line connection between two analog modems - I'm down here in Belize and this is the best they could offer me. The modems are set to originate and answer respectively; I simply need to send an ATZ command to our modem to reestablish the link. The IPs are also static. I have this working nicely with pppd - the chat script simply sends a reset to the modem and pppd is set to persist.

I then have a crossover cable (as a perimeter network) to an internal server. That internal server will house the company's mailserver and webserver. I planned to have the FreeBSD box route packets from the outside to the web and mail server on the internal network and route all Internet-based traffic from the internal network. It seemed to me like natd and ipfw were the ideal solution.

Is there anything I am doing wrong? Something I have missed? Or somewhere you could point me? I'll appreciate any help you can offer.

Sincerely,
Robert Buckland