Date:      Sat, 25 Oct 1997 00:11:15 +0100
From:      Brian Somers <brian@awfulhak.org>
To:        Andy Novick <anovick@vnc.lawrence.ks.us>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw and natd 
Message-ID:  <199710242311.AAA25211@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Wed, 23 Oct 1996 17:52:20 CDT." <326EA1A4.2777BC56@vnc.lawrence.ks.us> 

> I recently switched from Linux to FreeBSD as my firewall of choice. 
> However I have been having some problems when trying to masquerade just
> one machine on my local area network.  The only way it seems to work is
> if I divert from everything to everything.  However this ended up
> causing problems with windows 95 machine's netbioses at my ISP.  (I have
> a cable modem, so we are just one big network)  I want to make it so I
> am only masquerading my one machine.  I have the following set up:
> 
> Windows95 PC (box we are masquerading) IP 192.168.2.2 
> FreeBSD PC (firewall) LAN IP= 192.168.2.3 INET IP= 24.124.35.52 ethernet
> device= ed0
> 
> The following does its job with masquerading, but causes the problems
> with my ISP:
> 
> natd -port 32000 -interface ed0 
> ipfw add divert 32000 ip from any to any via ed0
> ipfw add allow ip from any to any
> 
> All other setups I have tried, such as diverting only from 192.168.2.2 to
> any, have not worked.  I would appreciate your insight. 

Heh, I knew someone would notice this eventually :-(  I've been 
meaning to fix it.

Currently, natd mangles broadcast addresses a bit.... I'm not sure to 
what extent 'cos I haven't got a test bed at the moment (my 
subnet-subnet routing machine literally blew up a while ago).

I suspect it's just a case of having natd be a bit careful about what 
it passes to libalias - or maybe it's a problem within libalias 
itself.... dunno (yet).

> Thanks,
> 
> Andy
> 
> ==================================
> Andrew Novick	            
> anovick@vnc.lawrence.ks.us    
> Finger for Public PGP Key     
> http://www.vnc.lawrence.ks.us/
> ==================================

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <bri@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....
