From: mike@hyperreal.org
To: freebsd-questions@freebsd.org
Subject: natd basic setup help
Date: Sat, 25 Nov 2000 01:51:08 -0800 (PST)

NAT. I've been RTFM'ing all night and am just not getting it.

My ISP has assigned me a static IP address. I want to use that address for my FreeBSD machine, and have my 2 other machines masquerading as the same IP. The configuration is pretty simple:

    [private_box_1]-----.
                        |
    [private_box_2]-----|___[switch]___[DSL_modem]___[ISPs_router]
                        |
    [public_BSD_box]----'

The switch is unmanaged and the DSL modem is in bridging mode, so it's essentially just a wire between my network and my ISP's router, which I use as my gateway (216.241.42.1). No PPP or dynamic IPs are involved.

I want to give the private boxes IP addresses 10.0.0.*, and have them use the BSD box as their gateway. The BSD box needs to keep its public IP address (216.241.42.159). Sounds pretty typical, right?

1. I have a fresh install of FreeBSD 4.2-RELEASE.

2. I compiled my kernel with

       options IPFIREWALL
       options IPDIVERT

3. I have in my /etc/rc.conf

       ifconfig_rl0="inet 216.241.42.159 netmask 255.255.255.0"
       defaultrouter="216.241.42.1"
       gateway_enable="YES"
       natd_enable="YES"
       natd_interface="216.241.42.159"
       firewall_type="open"

According to a post I found in the freebsd-questions archive, despite the natd man page's mention of the -f option, for some reason I don't really want to have

       natd_flags="-f /etc/natd.conf"

pointing to a file containing things like

       redirect_address 10.0.0.1 216.241.42.159
       redirect_address 10.0.0.2 216.241.42.159

because now all one has to do is edit some magic /etc/rc.firewall script.

Am I just being especially dense tonight or is there nothing in /etc/rc.firewall that says anything about mapping IP addresses or passing arguments to natd? All I see in there is stuff that looks like it shouldn't be changed.. just making sure packets *go* to natd.. nothing about actually *configuring* natd.

So with this setup, regardless of whether I put in the natd_flags and a natd.conf, inbound and outbound packets are all being denied or dropped at the BSD box. I can't ping it from the outside, I can't ping it from the inside, I can't ping the router from there, nothing..

What am I missing, here? The Complete FreeBSD (3rd ed.), the Handbook, the man pages and the 'tutorials' I have seen are all very sketchy about setting up what seems like a pretty common thing.

One other caveat, but shouldn't be affecting what I'm seeing now, is that my /etc/resolv.conf is pointing to DNS servers on 192.168.*.*, indicating that my ISP is doing some aliasing of their own (and the reason why I want 10.0.0.* for my private network).

Many thanks in advance,

- Mike