Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 14 Jun 2001 08:41:58 -0400
From:      Manolo Valdes <admin@atenas.cult.cu>
To:        "Jason Prosser" <jprosser@teraglobal.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: natd/ipfw help...
Message-ID:  <01061408444200.01859@proxy.atenas.cult.cu>
In-Reply-To: <B74D2CDE.3FC%jprosser@teraglobal.com>
References:  <B74D2CDE.3FC%jprosser@teraglobal.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 13 Jun 2001, Jason Prosser wrote:
> I am using 4.3-Release, and I can't seem to get natd and ipfw properly
> configured. (Yes I am a newbe... =) AND PROUD OF IT! )
> 
> I am trying to setup just a basic configuration right now for some network
> performance testing in our lab... Both networks are standalone, so above
> getting the Nat & some basic firewall rules so that all traffic is passed. I
> am not concerned about security.
> 
> The configuration that I am trying to setup is:
> 
> Network A:(Public)   <--->  NAT/Firewall    <--->   Network B:(Private)
> 
> 
> The Nat/Firewall computer has two ethernet cards xl0 & xl1.
> 
> I've trimmed down the kernel to just what I need. (Yes I did add in
> ipfirewall, ipfirewall_verbose, & ipdivert.)
> 
> In rc.conf I have: (Above basic information)
> natd -n xl1
> firewall_enable="YES"
> firewall_type="UNKNOWN"

put firewall_type="open"
read the rc.firewall script and you'll figure out.

> ifconfig_xl1="inet 10.2.0.1 netmask 255.255.255.0"
> ifconfig_xl0="inet 192.168.13.1 netmask 255.255.255.0"
> 
> Firewall rules for right now is
> ipfw -f flush
> ipfw add divert natd tcp from any to any via xl1
> ipfw add divert natd udp from any to any via xl1
> ipfw add allow ip from any to any via xl1
> ipfw add allow ip from any to any via xl0
> ipfw add allow icmp from any to any via xl0
> ipfw add allow icmp from any to any via xl1
> 
> I figure that I am missing something stupid, but I don't know enough yet to
> figure it out... Thank you for the help ahead of time.
> 
> JP
> jprosser@teraglobal.com

Manolito

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01061408444200.01859>