Date: Mon, 6 Oct 2003 13:57:54 -0400
From: "Thomas S. Crum" <tscrum@1wisp.com>
To: "'Sean Hafeez'" <sahafeez@edgefocus.com>, <freebsd-ipfw@freebsd.org>
Subject: RE: Not using NATD?
Message-ID: <002e01c38c33$613aa580$59103218@wolf>
In-Reply-To: <09049768-F822-11D7-AFEF-003065F1EE08@edgefocus.com>

Yes that will work. Here is a snippet from bsd hb.

Best,

Tom

19.2.4 Building a Router

A network router is simply a system that forwards packets from one interface to another. Internet standards and good engineering practice prevent the FreeBSD Project from enabling this by default in FreeBSD. You can enable this feature by changing the following variable to YES in rc.conf(5):

    gateway_enable=YES          # Set to YES if this host will be a gateway

This option will set the sysctl(8) variable net.inet.ip.forwarding to 1. If you should need to stop routing temporarily, you can reset this to 0 temporarily.

Your new router will need routes to know where to send the traffic. If your network is simple enough you can use static routes. FreeBSD also comes with the standard BSD routing daemon routed(8), which speaks RIP (both version 1 and version 2) and IRDP. Support for BGP v4, OSPF v2, and other sophisticated routing protocols is available with the net/zebra package. Commercial products such as gated are also available for more complex network routing solutions.

Even when FreeBSD is configured in this way, it does not completely comply with the Internet standard requirements for routers. It comes close enough for ordinary use, however.

-----Original Message-----
From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Sean Hafeez
Sent: Monday, October 06, 2003 1:25 PM
To: freebsd-ipfw@freebsd.org
Subject: Not using NATD?

OK so normally I use NATD for the users behind the BSD box.

    ipfw -f flush
    /sbin/natd -interface rl0
    ipfw add 999 divert natd all from any to any via rl0
    ipfw add pipe 1 ip from any to any in recv rl1
    ipfw add pipe 2 ip from any to any out xmit rl1
    ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
    ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s

rl1 is the inside 192.168.x.x network.

So strange question - I do not want to NAT anymore. I am going to be building a site that I want to use real IP's on the internal network.

So if I configure the box as a gateway (and make sure my upstream router has a route to the external interface of the BSD for the network behind) will it work? Do I need to do anything else or will the

    -bash-2.05b$ cat /etc/rc.conf
    gateway_enable="YES"

Just work?

Thanks!
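
An added example, not part of the original thread or the FreeBSD Handbook: a small sh check for the change discussed above, run against copies of rc.conf and the ipfw rule script before switching from natd to plain routing. The file contents are constructed samples (natd_enable="YES" is an assumption for the old setup, since the post starts natd by hand), and a leftover divert rule matters because diverted packets are dropped when nothing is bound to the divert port.

```sh
#!/bin/sh
# Added example: check a candidate rc.conf and ipfw rule script for a routed
# (no-NAT) gateway. It only reads the two files passed in.

# rc_value FILE VAR: print the last assignment of VAR, unquoted and lower-cased
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# audit_gateway RCFILE RULESFILE: print findings, return the number of problems
audit_gateway() {
    problems=0
    if [ "$(rc_value "$1" gateway_enable)" != "yes" ]; then
        echo "FAIL: gateway_enable is not YES, net.inet.ip.forwarding is not set to 1 at boot"
        problems=$((problems + 1))
    fi
    if [ "$(rc_value "$1" natd_enable)" = "yes" ]; then
        echo "FAIL: natd_enable is still YES"
        problems=$((problems + 1))
    fi
    # With no natd bound to the divert port, diverted packets are dropped.
    if grep -v '^[[:space:]]*#' "$2" | grep -Eq '[[:space:]]divert[[:space:]]'; then
        echo "FAIL: divert rule still present in the ruleset"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: plain routing, no NAT"
    return "$problems"
}

# Constructed sample files: "nat" mirrors the setup in the post, "routed" drops natd.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'gateway_enable="YES"' 'natd_enable="YES"' > "$tmp/nat.rc"
printf '%s\n' 'gateway_enable="YES"' > "$tmp/routed.rc"
cat > "$tmp/routed.rules" <<'EOF'
ipfw -f flush
ipfw add pipe 1 ip from any to any in recv rl1
ipfw add pipe 2 ip from any to any out xmit rl1
ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
EOF
{ cat "$tmp/routed.rules"
  echo 'ipfw add 999 divert natd all from any to any via rl0'; } > "$tmp/nat.rules"

audit_gateway "$tmp/nat.rc" "$tmp/nat.rules" || echo "problems: $?"
audit_gateway "$tmp/routed.rc" "$tmp/routed.rules"
```

The dummynet pipe rules are untouched by the change, so the per-host bandwidth limits from the original ruleset carry over to the routed setup.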