Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 13 Jul 1998 11:21:39 -0700
From:      Ludwig Pummer <>
To:, <questions@FreeBSD.ORG>
Subject:   Re: Dual Hommed Gateway (ipfw and natd)
Message-ID:  <>
In-Reply-To: <000201bdae86$33568200$>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
At 01:46 PM 7/13/98 -0400, wrote:
All this stuff I cut out looks alright.

>I would also like to set up a firewall to protect my network (local) from
>outsiders, but I guess that I should get the router thing working first.  I
>have read the man ipfw and man natd, but they are not much help to me.

don't worry about ipfw just yet. However, the natd manpage does have a
step-by-step. Be sure to scroll down to "RUNNING NATD"
1. get freebsd 2.2 or higher
2. build a custom kernel with "options IPFIREWALL" and "options IPDIVERT".
refer to the handbook on how to build a custom kernel
3. make sure gateway_enable=yes in your rc.conf (yours is)
4. make soure your interface is already configured (meaning its IP is set)
5. create an entry in /etc/services "natd		6668/divert # natd socket"
6. run "natd -interface ed0" (for you the interface would be "de1")
7. edit your rc.firewall rule to add "/sbin/ipfw add divert natd all from
any to any via ed0". for you, you would go down to about line 72 and add "
$fwcmd add divert natd all from any to any via de1"
8. enable your firewall by setting "firewall_enable=YES" in your rc.conf
(you already have)

that should be it! if you have trouble, its good to have bpfilter
pseuo-devices  built into your kernel (the handbook covers this) so that
you can use tcpdump to see which packets are going where and from whom.

>I am also very new to this, but I am learning.  I would appreciate as much
>help as possible, as I have spent the better part of last week on this
>problem, and my deadline is getting near.
>Thanks in advance!
>To Unsubscribe: send mail to
>with "unsubscribe freebsd-questions" in the body of the message
--Ludwig Pummer
ICQ UIN: 692441

To Unsubscribe: send mail to
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <>