I'm trying to get NAT going, and apparently failing to understand large parts of the concept.

1) Per the handbook I have added

   options IPFIREWALL
   options IPDIVERT

   to the kernel.

2) The firewall is active, and configured so it works for the machine itself. (Settings appended.)

3) I need to do translation for all machines on 10.0.0.0/8.

4) Working from the ipfw man page:

   ipfw add nat 10 all from any to any

   then

   ipfw nat 10 config log ip 10.0.0.0/8

   Uh-oh:

   ipfw: bad ip address ``10.0.0.0/8''

   OK, choose one machine.

   ipfw nat 10 config log ip 10.0.0.3

   Accepted.

5) Now, start natd. (natd.conf appended)

   /sbin/natd -l -f /etc/natd.conf

   Nope:

   natd: instance default: aliasing address not given

   Huh?

This has gotten a lot more complicated since the last time. :-P

                Robert Huff

#! /bin/sh
IF=em0
OF=em1

ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any

/bin/sleep 3 # for DHCP
ipfw add 350 allow udp from any 67-68 to any 67-68

# close NetBios to outside contact
/etc/ipfw.netbios.set
# close RPC to outside contact
/etc/ipfw.rpc.set
# no outside SNMP
/etc/ipfw.snmp.set
#
# no IRC
# /etc/ipfw.irc.set

# established connections are okay.
ipfw add 10000 allow tcp from any to any established

# let all stuff out
ipfw add 10100 allow all from any to any out via $IF

# internal connections are okay (assuming that 10.0.0.0/8 is your IP
# ipfw address range internally)
ipfw add 10200 allow tcp from 10.0.0.0/8 to any 80

# not starting natd here, in case it's already running

# allow anything not previously forbidden
ipfw add 65000 allow ip from any to any

**************** natd.conf ****************
instance 10
interface em0
same_ports yes
log_ipfw_denied yes
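Added example, not from the post above: an in-kernel ipfw nat ruleset for the layout Robert describes (em0 outside, 10.0.0.0/8 inside; em1 as the inside interface is an assumption). It assumes a kernel built with IPFIREWALL_NAT and LIBALIAS rather than IPDIVERT/natd, and routes every ipfw call through an IPFW variable so the ruleset can be dry-run with IPFW=echo on a box without ipfw.

```shell
#!/bin/sh
# Added example, not from the original post. In-kernel ipfw nat (kernel
# options IPFIREWALL_NAT and LIBALIAS) replaces natd and IPDIVERT entirely;
# running both on the same router only adds confusion.
# Set IPFW=echo to dry-run the ruleset on a machine without ipfw.
IPFW=${IPFW:-/sbin/ipfw}

nat_ruleset() {
    oif=$1      # outside interface (em0 in the post)
    iif=$2      # inside interface (em1, assumed)
    inside=$3   # inside range, e.g. 10.0.0.0/8
    inst=10     # nat instance number, as in the post

    # A nat instance takes one alias address ("ip a.b.c.d") or, when the
    # outside address comes from DHCP, the interface name ("if em0").
    # The inside range never goes here; the rule that hands packets to
    # the instance decides what gets translated.
    $IPFW nat $inst config if "$oif" log same_ports reset

    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 deny ip from any to 127.0.0.0/8
    $IPFW add 300 deny ip from 127.0.0.0/8 to any

    # Source checks on 10.x must come before translation: after the nat
    # rule an outbound packet already carries the outside address.
    $IPFW add 900 deny ip from not "$inside" to any in via "$iif"

    # Translate everything crossing the outside interface. Inbound
    # packets are de-aliased here before the later rules inspect them.
    $IPFW add 1000 nat $inst ip from any to any via "$oif"

    $IPFW add 10000 allow tcp from any to any established
    $IPFW add 10100 allow ip from any to any out via "$oif"
    $IPFW add 10200 allow udp from any 67-68 to any 67-68
    $IPFW add 65000 deny ip from any to any
}

# With the default net.inet.ip.fw.one_pass=1 a packet accepted by the nat
# rule leaves the ruleset at once, so rules 10000 and up never filter it.
# Usage on the router: sh this_script apply em0 em1 10.0.0.0/8
if [ "${1:-}" = apply ]; then
    sysctl net.inet.ip.fw.one_pass=0
    nat_ruleset "$2" "$3" "$4"
fi
```

The 65000 rule denies by default where the posted script allows; keep the established-only inbound policy unless a specific inbound service needs a redirect_port on the nat instance.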
options IPFIREWALL options IPDIVERT to the kernel. 2) The firewall is active, and configured so it works for the machine itself. (Settings appended.) 3) I need to do translation for all machines on 10.0.0.0/8. 4) Working from the ipfw man page: ipfw add nat 10 all from any to any then ipfw nat 10 config log ip 10.0.0.0/8 Uh-oh: ipfw: bad ip address ``10.0.0.0/8'' OK, choose one machine. ipfw nat 10 config log ip 10.0.0.3 Accepted. 5) Now, start natd. (natd.conf appended) /sbin/natd -l -f /etc/natd.conf Nope: natd: instance default: aliasing address not given Huh? This has gotten a lot more coplicated since the last time. :-P Robert Huff #! /bin/sh IF=em0 OF=em1 ipfw add 100 pass all from any to any via lo0 ipfw add 200 deny all from any to 127.0.0.0/8 ipfw add 300 deny ip from 127.0.0.0/8 to any /bin/sleep 3 # for DHCP ipfw add 350 allow udp from any 67-68 to any 67-68 # close NetBios to outside contact /etc/ipfw.netbios.set # close RPC to outside contact /etc/ipfw.rpc.set # no outside SNMP /etc/ipfw.snmp.set # # no IRC # /etc/ipfw.irc.set # established connections are okay. ipfw add 10000 allow tcp from any to any established # let all stuff out ipfw add 10100 allow all from any to any out via $IF # internal connections are okay (assuming that 10.0.0.0/8 is your IP # ipfw address range internally) ipfw add 10200 allow tcp from 10.0.0.0/8 to any 80 # not starting natd here, in case it's already running # allow anything not previously forbidden ipfw add 65000 allow ip from any to any **************** natd.conf **************** instance 10 interface em0 same_ports yes log_ipfw_denied yes _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"