Date: Fri, 20 Nov 1998 09:59:33 -0800 (PST)
From: Dan Busarow <dan@dpcsys.com>
To: Forrest Aldrich <forrie@forrie.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [resend] Ip_masquerading, NATD & Internet (more questions)
Message-ID: <Pine.BSF.3.96.981120094823.22639C-100000@java.dpcsys.com>
In-Reply-To: <4.1.19981120102246.00a6de30@206.25.93.69>
On Fri, 20 Nov 1998, Forrest Aldrich wrote:
> STAGE 1
> ======================================
> I have 2 NICs on my FreeBSD system: xl0 and xl1. xl0 is the outbound
> interface (connected to the cable modem), xl1 is the private network
> (hooked to a hub)
>
> I imported in some firewall rules and added, at the beginning of them:
>
> $fwcmd add divert natd all from any to any via xl0
>
> This was tried with the firewall rules and as an OPEN system (yes, I have
> DIVERT and all the rest of the definitions in /usr/src/sys/i386/conf).
>
> From what I was able to glean from the manpage (3.0-RELEASE), I used:
>
> /usr/sbin/natd -dynamic -interface xl0
>
> Which I'm not clear is correct. I did toy around with the firewall rules
> and natd, eventually I was able to get out to the internet, but not through
> the hub I had connected to xl1. I think that failed because I didn't hook
> in a straight-through cable from xl1 to the uplink port on the hub.
Your natd command line is correct.
If you don't have a "crossover" cable, plug xl1 into a normal port.
> It's not clear about whether you need to add specific IPFW rules for the
> internal interface (in this case 10.0.0.3).
OPEN is open. You do have to enable IP forwarding in /etc/rc.conf
gateway_enable="YES"
> STAGE 1.5 :-)
> =======================================
>
> I have been able to get the dhclient to work properly when booting to
> obtain the IP address. But don't screw with it afterwards, as you'll hose
> everything.
>
> Aside from not being able to get a carrier on xl1 (again, I think due the
> cable type, I'll try it again), I wasn't able to get isc-dhcpd2 to work.
> It complained that I had no subnet declaration for my ISP's address (the
> host) -- even though I've told it only to run on xl1. This part is
> particularly important, as the Windoze hosts I have hooked in the hub are
> used on other nets and need dhcpd.
What command are you using to start dhcpd?
dhcpd xl1
should work fine. Your dhcpd.conf can be real simple, just a
subnet 192.168.1.0 netmask 255.255.255.0 {
    # hand out 192.168.1.10 through 192.168.1.20 to hosts on xl1
    range 192.168.1.10 192.168.1.20;
}
for example.
> STAGE 2
> =======================================
>
> While using the dhclient for your IP address does work, using this with a
> firewall presents a few gotchas. As I recall: You need to somehow obtain
> the network, netmask, host IP, etc. for use in /etc/rc.firewall. I would
> imagine you could obtain variables from /etc/dhclient-script and save them
> to a file on bootup.
You can also specify the interface instead of IP address in rc.firewall.
Dan
--
Dan Busarow 949 443 4172
Dana Point Communications, Inc. dan@dpcsys.com
Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82
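Added example (not code from Dan or Forrest): a small POSIX sh script that puts Dan's last point into practice. It emits an ipfw rule set for a FreeBSD NAT gateway in which every rule names an interface (xl0 outside, xl1 inside, as in the thread) rather than the DHCP-assigned outside address, so /etc/rc.firewall does not need to scrape values out of dhclient-script. It also checks that the natd divert rule precedes the first allow rule, since a packet accepted before the divert is never translated. The ipfw path, the -q flag, the rule numbers and the 192.168.1.0/24 inside net (taken from Dan's dhcpd example) are assumptions; the script only prints the rules, it does not load them.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates an interface-based
# ipfw rule set for a natd gateway and sanity-checks the rule ordering.

fwcmd="/sbin/ipfw -q"   # assumption: ipfw location; -q suppresses per-rule output

# gen_firewall_rules OUTSIDE_IF INSIDE_IF INSIDE_NET
# Prints an rc.firewall fragment to stdout. No rule mentions the outside
# address, so the set is valid whatever dhclient hands xl0 at boot.
gen_firewall_rules() {
    oif=$1; iif=$2; inet=$3
    cat <<EOF
$fwcmd -f flush
# NAT first: everything crossing the outside interface goes through natd,
# then re-enters the rule set at the next rule
$fwcmd add 100 divert natd all from any to any via $oif
# loopback traffic, and nothing pretending to be loopback on a real wire
$fwcmd add 200 allow all from any to any via lo0
$fwcmd add 300 deny all from any to 127.0.0.0/8
$fwcmd add 310 deny all from 127.0.0.0/8 to any
# anti-spoofing: the private inside net must never arrive on the outside wire
$fwcmd add 400 deny all from $inet to any in via $oif
$fwcmd add 410 deny all from any to $inet in via $oif
# inside hosts may originate anything; outbound on $oif is whatever natd produced
$fwcmd add 500 allow ip from $inet to any in via $iif
$fwcmd add 510 allow ip from any to any out via $oif
$fwcmd add 520 allow ip from any to $inet out via $iif
# replies coming back in on the outside interface
$fwcmd add 600 allow tcp from any to any established in via $oif
$fwcmd add 610 allow udp from any 53 to any in via $oif
# DHCP offers/acks for dhclient on the outside interface
$fwcmd add 620 allow udp from any 67 to any 68 in via $oif
# log and drop everything else
$fwcmd add 65000 deny log all from any to any
EOF
}

# divert_before_allow RULES
# Returns 0 when the divert natd rule appears before the first allow rule,
# 1 otherwise (or if either rule is missing).
divert_before_allow() {
    d=$(printf '%s\n' "$1" | grep -n 'divert natd' | head -n 1 | cut -d: -f1)
    a=$(printf '%s\n' "$1" | grep -n ' allow ' | head -n 1 | cut -d: -f1)
    [ -n "$d" ] && [ -n "$a" ] && [ "$d" -lt "$a" ]
}

# mentions_address RULES
# Returns 0 if any rule carries a dotted-quad address other than the inside
# net or loopback, i.e. something that would have to be learned from DHCP.
mentions_address() {
    printf '%s\n' "$1" \
        | grep -v '192\.168\.1\.0/24' \
        | grep -v '127\.0\.0\.0/8' \
        | grep -q '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*'
}

# Usage: sh this_script.sh [outside_if] [inside_if] [inside_net]
gen_firewall_rules "${1:-xl0}" "${2:-xl1}" "${3:-192.168.1.0/24}"
```

Review the printed fragment, then paste it into rc.firewall (or save it and source it) once it looks right; with gateway_enable="YES" in rc.conf and natd started as "natd -dynamic -interface xl0", the set needs no edits when the cable modem assigns a different address.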
