From owner-freebsd-questions Fri Oct 24 16:15:22 1997
Return-Path: 
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA27631 for questions-outgoing; Fri, 24 Oct 1997 16:15:22 -0700 (PDT) (envelope-from owner-freebsd-questions)
Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA27619 for ; Fri, 24 Oct 1997 16:15:15 -0700 (PDT) (envelope-from brian@awfulhak.org)
Received: from gate.lan.awfulhak.org (localhost [127.0.0.1]) by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id AAA25211; Sat, 25 Oct 1997 00:11:15 +0100 (BST)
Message-Id: <199710242311.AAA25211@awfulhak.demon.co.uk>
X-Mailer: exmh version 2.0zeta 7/24/97
To: Andy Novick
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw and natd
In-reply-to: Your message of "Wed, 23 Oct 1996 17:52:20 CDT." <326EA1A4.2777BC56@vnc.lawrence.ks.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 25 Oct 1997 00:11:15 +0100
From: Brian Somers
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> I recently switched from Linux to FreeBSD as my firewall of choice.
> However I have been having some problems when trying to masquerade just
> one machine on my local area network. The only way it seems to work is
> if I divert from everything to everything. However this ended up
> causing problems with Windows 95 machines' netbioses at my ISP. (I have
> a cable modem, so we are just one big network.) I want to make it so I
> am only masquerading my one machine.
>
> I have the following set up:
>
> Windows95 PC (box we are masquerading) IP 192.168.2.2
> FreeBSD PC (firewall) LAN IP= 192.168.2.3 INET IP= 24.124.35.52 ethernet
> device= ed0
>
> The following does its job with masquerading, but causes the problems
> with my ISP:
>
> natd -port 32000 -interface ed0
> ipfw add divert 32000 ip from any to any via ed0
> ipfw add allow ip from any to any
>
> All other setups I have tried such as diverting only from 192.168.2.2 to
> any has not worked. I would appreciate your insight.

Heh, I knew someone would notice this eventually :-(

I've been meaning to fix it. Currently, natd mangles broadcast addresses a bit.... I'm not sure to what extent 'cos I haven't got a test bed at the moment (my subnet-subnet routing machine literally blew up a while ago). I suspect it's just a case of having natd be a bit careful about what it passes to libalias - or maybe it's a problem within libalias itself.... dunno (yet).

> Thanks,
>
> Andy
>
> ==================================
> Andrew Novick
> anovick@vnc.lawrence.ks.us
> Finger for Public PGP Key
> http://www.vnc.lawrence.ks.us/
> ==================================

-- 
Brian
Don't _EVER_ lose your sense of humour....
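An added example, not part of the thread and not natd's or FreeBSD's own code, showing the per-host ruleset the question is after. It uses Andy's addresses (inside host 192.168.2.2, outside address 24.124.35.52 on ed0, natd on divert port 32000). Two points the thread leaves implicit: a divert rule for "from 192.168.2.2 to any" alone cannot work, because the replies come back addressed to 24.124.35.52 and natd has to see those too to rewrite the destination back to the inside host, so both directions need a divert rule; and since Brian's reply says natd mishandles broadcast addresses, the script passes broadcast traffic before the divert rules so natd never sees it. The subnet broadcast address (24.124.35.255, assuming a /24) is an assumption, as is the claim that keeping broadcasts out of natd is enough to stop the NetBIOS breakage; the thread does not confirm either. The `DRY_RUN` knob and `run` helper are the example's own, so the rules can be reviewed before touching a live firewall.

```shell
#!/bin/sh
# Added example: masquerade a single LAN host with ipfw + natd.
# Values below come from the question; EXT_BCAST is an assumption (/24).
INSIDE_HOST=192.168.2.2
OUTSIDE_IP=24.124.35.52
EXT_IF=ed0
NATD_PORT=32000
EXT_BCAST=${EXT_BCAST:-24.124.35.255}   # assumed subnet broadcast; adjust to your netmask
DRY_RUN=${DRY_RUN:-}

# Run a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

install_nat_rules() {
    run ipfw -f flush
    # Broadcasts bypass natd entirely (assumed workaround for the mangling
    # Brian describes; placed before the divert rules so they are never diverted).
    run ipfw add 100 allow ip from any to 255.255.255.255 via "$EXT_IF"
    run ipfw add 110 allow ip from any to "$EXT_BCAST" via "$EXT_IF"
    # Outbound: only packets from the one masqueraded host are translated.
    run ipfw add 200 divert "$NATD_PORT" ip from "$INSIDE_HOST" to any out via "$EXT_IF"
    # Inbound: replies arrive addressed to the firewall's outside IP; natd must
    # see them to rewrite the destination back to INSIDE_HOST. Packets that
    # match no natd mapping are passed through unchanged.
    run ipfw add 210 divert "$NATD_PORT" ip from any to "$OUTSIDE_IP" in via "$EXT_IF"
    # Everything else (the rest of the LAN, the firewall's own traffic) passes untouched.
    run ipfw add 65000 allow ip from any to any
}

start_natd() {
    run sysctl -w net.inet.ip.forwarding=1
    run natd -port "$NATD_PORT" -interface "$EXT_IF"
}

# Default invocation prints the rules; "apply" installs them for real.
case "${1:-}" in
    apply) start_natd; install_nat_rules ;;
    *)     DRY_RUN=1; install_nat_rules ;;
esac
```

Run it with no arguments to see the exact ipfw commands it would issue, and with `apply` (as root) to install them. Rule order matters: the broadcast bypass sits below the divert rules' numbers, so ipfw matches it first.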