Date: Fri, 15 Jul 2005 14:18:48 -0400
From: Chuck Swiger <cswiger@mac.com>
To: freebsd-questions@freebsd.org
Subject: IPFW+natd & Cisco VPN tunnelling....
Message-ID: <42D7FE08.4000902@mac.com>
Hi, all--

I'm working on a new firewall running FreeBSD-5.4, IPFW, and natd for a small client network of about 50 boxes, using a single routable IP via a T1 link. They want to set up a Cisco 87x router as a VPN endpoint; my part is to set up forwarding of the VPN traffic via the firewall to this Cisco. The firewall box is a Dell 2850 with dual Intel em NICs.

Since I'm waiting for someone else to get that box up, I decided to check here whether my config is sane. I'm using a normal divert rule to forward traffic to natd, which is working fine, and have this as /etc/natd.conf:

    # NATD configuration options
    dynamic yes
    interface em1
    #log yes
    log_denied yes
    use_sockets yes
    same_ports yes
    unregistered_only yes
    redirect_port tcp 192.168.1.2:www www
    redirect_proto gre ciscovpn
    redirect_port udp ciscovpn:500 500
    redirect_port tcp ciscovpn:10000 10000
    redirect_port tcp ciscovpn:pptp pptp

...where ciscovpn is obviously the hostname for the Cisco 870 box.

Is there any way to convince natd to re-read the natd.conf file short of killing and restarting the daemon entirely? The manpage didn't say so, and "kill -HUP" terminates the process.

-- 
-Chuck

PS: It seems unfortunate that not including a natd_interface statement in rc.conf causes /etc/rc.firewall to not include a divert rule, but that can be corrected by using your own rules in a file and setting firewall_type.
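Editor's added example (not part of Chuck's post or of natd itself): a small script that reads the natd.conf redirect list above and derives one explicit ipfw "allow" rule per forwarded service, so that the pass rules placed after the divert admit only the redirected traffic to the inside hosts. The inside address for the hostname ciscovpn is a placeholder, since the post gives only the name.

```python
# Added example, not the poster's or natd's own code. NATD_CONF reproduces the
# configuration from the post; the address used for 'ciscovpn' is a placeholder
# because the message gives only the hostname.
NATD_CONF = """\
dynamic yes
interface em1
log_denied yes
use_sockets yes
same_ports yes
unregistered_only yes
redirect_port tcp 192.168.1.2:www www
redirect_proto gre ciscovpn
redirect_port udp ciscovpn:500 500
redirect_port tcp ciscovpn:10000 10000
redirect_port tcp ciscovpn:pptp pptp
"""

# Service names as natd resolves them through /etc/services.
SERVICES = {"www": 80, "pptp": 1723}
# Hypothetical inside address for the Cisco; the post gives only the hostname.
HOSTS = {"ciscovpn": "192.168.1.254"}


def resolve_port(name):
    return SERVICES[name] if name in SERVICES else int(name)


def parse_redirects(conf):
    """Return (proto, inside_host, inside_port, alias_port) per redirect;
    ports are None for redirect_proto (e.g. GRE) entries."""
    rules = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        f = line.split()
        if f[0] == "redirect_port":
            host, port = f[2].rsplit(":", 1)
            rules.append((f[1], HOSTS.get(host, host), resolve_port(port), resolve_port(f[3])))
        elif f[0] == "redirect_proto":
            rules.append((f[1], HOSTS.get(f[2], f[2]), None, None))
    return rules


def ipfw_rules(conf, iface="em1", start=1000):
    """One 'allow' per redirect, numbered after the divert rule; natd has already
    rewritten the destination, so each rule matches the inside host and port."""
    out = []
    for i, (proto, host, iport, _) in enumerate(parse_redirects(conf)):
        dst = host if iport is None else f"{host} {iport}"
        out.append(f"add {start + i * 10} allow {proto} from any to {dst} in via {iface}")
    return out
```

Anything not matched by these rules should fall through to a later deny, so a new redirect in natd.conf does not silently open a path until a matching allow is added.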