On Sat, 20 May 2000, Damian Gerow wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> This is going to be a dumb question, but I can't figure it out, and I
> can't find any NAT under FreeBSD resources anywhere.
> 
> I'm setting up, for the first time, a FreeBSD firewall.  I come from a
> Linux background, and I am lost.  I understand the firewalling commands,
> the code, etc., but I cannot, for the life of me, get NAT working.  Yes,
> I am running natd, and yes, I do have the NAT firewall entry (I forget
> the line).  I have a 10.0.0.0/24 internal network, and the default
> policy is DENY.  (Even this way, I can't ping out for some unknown
> reason.)

My understanding, and perhaps I'm wrong, is that IPfilter handles NAT,
with ipnat and map commands:

map tun0 192.168.66.0/24 -> 209.69.80.8/32 portmap tcp/udp 10000:60000
map tun0 192.168.66.0/24 -> 209.69.80.8/32

look at:

/usr/src/contrib/ipfilter/rules/BASIC.NAT

config goes in /etc/ipnat.conf

and is started via rc scripts on bootup like so:

ipnat -f /etc/ipnat.conf

flush with:

ipnat -C && ipnat -f /etc/ipnat.conf

If I'm wrong, please correct me, thanks,

Ron DuFresne

> 
> I know this isn't much, but I think I'm a bit over my head right now.
> Does anyone know of any resources on the internet that would point to
> how to do this?
> 
> Thanks for your help.
> 
> Damian Gerow
> Intellitactics, Inc.
> 
> The shortest distance between two points is through Hell.   - Brian
> Clark 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
> 
> iQA/AwUBOScrW/WPEBDMsfC4EQIPCgCeKck+/urlPZ1vpfUAhYVGMn1SyGgAn08+
> 7npPEph5F3JAxGtxcBIe3oZ7
> =jA9y
> -----END PGP SIGNATURE-----
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
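
An added example, not part of the original messages and not IPFilter code: a small Python lint for the pair of map rules quoted in the reply. It assumes ipnat uses the first matching rule and that a "portmap tcp/udp" rule applies only to TCP and UDP, so the plain rule is what translates ICMP such as ping; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two map rules quoted in the reply above.
SAMPLE = """\
map tun0 192.168.66.0/24 -> 209.69.80.8/32 portmap tcp/udp 10000:60000
map tun0 192.168.66.0/24 -> 209.69.80.8/32
"""

RULE = re.compile(r"map\s+(\S+)\s+(\S+)\s+->\s+(\S+)"
                  r"(?:\s+portmap\s+(\S+)\s+(\d+):(\d+))?$")

def parse(text):
    """Parse the subset of ipnat.conf used here: 'map' with optional portmap."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: unsupported rule {line!r}")
        iface, src, dst, protos, lo, hi = m.groups()
        rules.append({"line": n, "iface": iface, "dst": dst,
                      "src": ipaddress.ip_network(src),
                      "protos": set(protos.split("/")) if protos else None,
                      "ports": (int(lo), int(hi)) if protos else None})
    return rules

def select(rules, iface, src_ip, proto):
    """Assumed model: first match wins; portmap rules cover only their protocols."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r["iface"] == iface and ip in r["src"]
                and (r["protos"] is None or proto in r["protos"])):
            return r
    return None

def lint(rules):
    """Report shadowed portmap rules and networks with no ICMP translation."""
    findings = []
    for i, r in enumerate(rules):
        if r["protos"] is None:  # plain rule: does it hide a later portmap rule?
            for later in rules[i + 1:]:
                if (later["protos"] and later["iface"] == r["iface"]
                        and later["src"].subnet_of(r["src"])):
                    findings.append(f"line {later['line']}: portmap rule is "
                                    f"shadowed by line {r['line']}")
        elif select(rules, r["iface"], str(r["src"][0]), "icmp") is None:
            findings.append(f"line {r['line']}: nothing translates ICMP "
                            f"from {r['src']}")
    return findings
```
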
