Date:      Tue, 7 Nov 2000 23:34:58 -0500
From:      "John Telford" <j.telford@sympatico.ca>
To:        <net@freebsd.org>, <questions@freebsd.org>, <security@freebsd.org>
Subject:   Re: Help with natd redirect address Please ????
Message-ID:  <000e01c0493d$403d8460$0100000a@johnny5>
References:  <20001103215005.3885737B479@hub.freebsd.org>

Thanks for the tips, here's what happened:

Lukasz Dudek suggested I recompile without the IPFILTER options and I also
changed rc.conf so that the NICs were initialized first. See below for my
new settings.

This got the redirect working fine at my office on a DSL connection but when
I took the box on-site it just wouldn't work with the other ISP's numbers.
It's a wireless ISP, but that shouldn't matter according to the ISP.

My initial plan was that since we really just wanted our other site on the
same ISP to have access to the inside servers and not public traffic I was
going to get them set up on a quick (yeah right) redirect then move them to a
VPN solution after I gathered some information on it, see my post at
net@freebsd.org "Re: Tips, How-To on VPN ?" So I set up a VPN tunnel using
pipsec and it's working fine. I didn't get to research it as much as I wanted
and will have to scrounge some test boxes to try it with ipsec but the users
are happy they can move files across at 1mbs rather than 56k modems.

Regards, John.

P.S. to the E man at the Big O: the -u didn't help at tempo either, oh well
just hope Dave doesn't want to access the Mac server from home anytime soon.

Here are my configs that redirect worked with on the DSL:

TEMfw3# more rc.conf
network_interfaces="auto"       # List of network interfaces (or "auto").
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
ifconfig_fxp0="inet 216.208.171.XXX netmask 255.255.255.224"
ifconfig_fxp1="inet 10.150.0.241 netmask 255.255.255.0"
#
named_enable="YES"              # Run named, the DNS server (or NO).
defaultrouter="216.208.171.XXX"
sendmail_enable="NO"
gateway_enable="YES"
sshd_enable="YES"
inetd_enable="YES"
##############################################################
###  Network configuration sub-section  ######################
##############################################################

### Basic network and firewall/security options: ###
hostname="TEMfw3"                       # Set this!
firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
firewall_logging="YES"
natd_enable="YES"                # Enable natd (if firewall_enable == YES).
natd_interface="fxp0"           # Public interface or IPaddress to use.
natd_flags="-f /etc/natd.conf"
#
TEMfw3#
TEMfw3# more natd.conf
redirect_address 10.150.0.143 216.208.171.XXX
TEMfw3#

kernel settings:
#
options         MROUTING                # Multicast routing
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
                                        # dropped packets
options         IPFIREWALL_FORWARD      #enable transparent proxy support
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPDIVERT                #divert sockets
options         IPSTEALTH               #support for stealth forwarding
options         TCPDEBUG
#
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST
options         "ICMP_BANDLIM"
options         DUMMYNET
options         BRIDGE

TEMfw3#

eot
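
Added example, not part of John's message or of FreeBSD: a small sh audit that flags the settings in the posted files which, taken together, leave the redirected inside host reachable from any source address, whereas the stated goal was access for the other site only. The function names, the sample files and the 192.0.2.10 placeholder for the masked public address are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the three files from the post for settings that leave
# a natd static-NAT host reachable from any source address.

# Print the value of KEY from rc.conf-style text on stdin (last one wins).
rc_value() {
    sed -n "s/^$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" | tail -n 1
}

# usage: audit_exposure RC_CONF NATD_CONF KERNEL_CONF ; one finding per line
audit_exposure() {
    case "$(rc_value firewall_type < "$1")" in
        [Oo][Pp][Ee][Nn])   # rc.firewall's OPEN type adds a pass-all rule
            echo "rc.conf: firewall_type=OPEN passes all traffic from any to any" ;;
    esac
    # With this option the kernel's final default rule allows instead of denies.
    if grep -Eq '^options[[:space:]]+IPFIREWALL_DEFAULT_TO_ACCEPT' "$3"; then
        echo "kernel: IPFIREWALL_DEFAULT_TO_ACCEPT set"
    fi
    # redirect_address LOCAL PUBLIC is static NAT: all ports of LOCAL are mapped.
    awk '$1 == "redirect_address" {
        print "natd.conf: all traffic to " $3 " is forwarded to " $2 }' "$2"
    return 0
}

# Constructed sample files using the post's settings; 192.0.2.10 is a
# documentation placeholder for the masked public address.
write_samples() {
    cat > "$1/rc.conf" <<'EOF'
firewall_enable="YES"
firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
EOF
    cat > "$1/natd.conf" <<'EOF'
redirect_address 10.150.0.143 192.0.2.10
EOF
    cat > "$1/KERNEL" <<'EOF'
options         IPFIREWALL
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPDIVERT
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
audit_exposure "$dir/rc.conf" "$dir/natd.conf" "$dir/KERNEL"
rm -rf "$dir"
```

All three findings fire on the posted settings; a ruleset file in place of OPEN, a default-deny kernel and port-level redirects produce no output.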