From: "James A. Mutter"
Organization: Commercial Movers, Inc.
Date: Tue, 04 Jan 2000 11:14:53 -0500
To: freebsd-questions@freebsd.org
Subject: Need some help with NAT
Message-ID: <38721C7D.98FB7588@commercialmovers.com>

I seem to be having a brain fart here getting NAT setup - I'm looking for some help.

We're implementing NAT on the BSD box because it's breaking our Ascend P130 - so I don't need to do firewalling or packet filtering (Yet). I'd like to get this all up and running using the 'ipfilter' package so that implementing a firewall will be easy later on down the road.

Here's what I've got so far:

Kernel Options:

    IPFIREWALL
    IPFIREWALL_DEFAULT_TO_ACCEPT
    IPDIVERT
    IPFILTER
    IPSTEALTH (We'll use this later)
    TCP_DROP_SYNFIN (Again, we'll use this later)
    TCP_RESTRICT_RST (We'll use this later also)
    "ICMP_BANDLIM"

In rc.conf we've got this:

    gateway_enable="YES"

In rc.local we've got the following entries:

    /sbin/ipf -Fa -f /etc/ipf.rules -E
    /sbin/ipnat -CF -f /etc/ipnat.rules

Finally, we've tried 2 different NIC combos -

1st try was 2NIC's, 2IP's, both plugged into the same LAN - That didn't work very well.

2nd try was 1NIC pn0=192.196.1.1 pn0:1=204.XXX.XXX.XXX - That doesn't seem to be working either.

As soon as I activate the 'ipnat' rules the machine becomes inaccessible. However, pings from another machine on the network reveal something interesting (when ipnat is enabled): Pings are sent to the internal interface and returned by the external interface.

Any ideas here?

Thanks again,
Jim