From owner-freebsd-questions Mon Jul 13 11:22:30 1998
Date: Mon, 13 Jul 1998 11:21:39 -0700
To: charlespeters@chickenbean.com,
From: Ludwig Pummer
Subject: Re: Dual Hommed Gateway (ipfw and natd)

At 01:46 PM 7/13/98 -0400, charlespeters@chickenbean.com wrote:

All this stuff I cut out looks alright.

>I would also like to set up a firewall to protect my network (local) from
>outsiders, but I guess that I should get the router thing working first. I
>have read the man ipfw and man natd, but they are not much help to me.

don't worry about ipfw just yet. However, the natd manpage does have a step-by-step. Be sure to scroll down to "RUNNING NATD"

1. get freebsd 2.2 or higher
2. build a custom kernel with "options IPFIREWALL" and "options IPDIVERT". refer to the handbook on how to build a custom kernel
3. make sure gateway_enable=yes in your rc.conf (yours is)
4. make sure your interface is already configured (meaning its IP is set)
5. create an entry in /etc/services "natd 6668/divert # natd socket"
6. run "natd -interface ed0" (for you the interface would be "de1")
7. edit your rc.firewall rule to add "/sbin/ipfw add divert natd all from any to any via ed0". for you, you would go down to about line 72 and add "$fwcmd add divert natd all from any to any via de1"
8. enable your firewall by setting "firewall_enable=YES" in your rc.conf (you already have)

that should be it! if you have trouble, it's good to have bpfilter pseudo-devices built into your kernel (the handbook covers this) so that you can use tcpdump to see which packets are going where and from whom.

>
>I am also very new to this, but I am learning. I would appreciate as much
>help as possible, as I have spent the better part of last week on this
>problem, and my deadline is getting near.
>
>Thanks in advance!
>
>Charles
>
>charlespeters@chickenbean.com
>charlespeters@tecpro.com
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

--Ludwig Pummer
ludwigp@bigfoot.com ICQ UIN: 692441 http://chipweb.home.ml.org
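
A static check of the file edits in steps 2, 3, 5, 7 and 8 above, as an added example that is not part of the original message or of FreeBSD itself. The function names, the kernel config path argument and the sample tree are assumptions made for illustration; rc.conf, services and rc.firewall are assumed to live under /etc, and the runtime steps (4 and 6) are not checked.

```shell
#!/bin/sh
# Added example: static audit of the files the steps above edit.
# ROOT lets it run against a copy of /etc; KERNCONF is caller-supplied.

# has FILE REGEX: true if a non-comment line of FILE matches REGEX
has() {
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eiq "$2"
}

miss() { echo "MISSING: $1"; missing=$((missing + 1)); }

# check_natd_setup ROOT KERNCONF IFACE
# Prints one line per missing step and returns how many are missing.
check_natd_setup() {
    root=$1; kern=$2; ifc=$3; missing=0
    s='[[:space:]]'
    for opt in IPFIREWALL IPDIVERT; do              # step 2
        has "$kern" "^${s}*options${s}+\"?${opt}\"?(${s}|#|\$)" ||
            miss "step 2: options $opt in $kern"
    done
    for var in gateway_enable firewall_enable; do   # steps 3 and 8
        has "$root/etc/rc.conf" "^${s}*${var}=\"?yes\"?" ||
            miss "steps 3/8: $var=YES in rc.conf"
    done
    has "$root/etc/services" "^natd${s}+6668/divert" ||   # step 5
        miss "step 5: natd 6668/divert in /etc/services"
    # step 7: the divert rule must name the external interface
    has "$root/etc/rc.firewall" \
        "add(${s}+[0-9]+)?${s}+divert${s}+natd${s}+all${s}+from${s}+any${s}+to${s}+any${s}+via${s}+${ifc}(${s}|\$)" ||
        miss "step 7: divert natd rule via $ifc in rc.firewall"
    return "$missing"
}

# Constructed sample tree: the rule was copied with the man page's ed0,
# but the external interface in this thread is de1.
demo=$(mktemp -d) && mkdir "$demo/etc"
printf 'options IPFIREWALL\noptions IPDIVERT\n' > "$demo/KERNEL"
printf 'gateway_enable="YES"\nfirewall_enable="YES"\n' > "$demo/etc/rc.conf"
printf 'natd\t6668/divert\t# natd socket\n' > "$demo/etc/services"
echo '$fwcmd add divert natd all from any to any via ed0' > "$demo/etc/rc.firewall"
check_natd_setup "$demo" "$demo/KERNEL" de1
echo "missing steps: $?"
rm -rf "$demo"
```

On the sample tree the only finding is the step 7 rule, because the divert rule names ed0 while the check was asked about de1.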