I'm trying to get NAT going, and apparently failing to
understand large parts of the concept.
        1) Per the handbook I have added

options IPDIVERT

        to the kernel.
        2) The firewall is active, and configured so it works for the
machine itself.  (Settings appended.)
        3) I need to do translation for all machines on
        4) Working from the ipfw man page:

ipfw add nat 10 all from any to any


ipfw nat 10 config log ip


ipfw: bad ip address ``''

        OK, choose one machine.

ipfw nat 10 config log ip

        5) Now, start natd. (natd.conf appended)

/sbin/natd -l -f /etc/natd.conf


natd: instance default: aliasing address not given

        Huh?  This has gotten a lot more complicated since the last
time.  :-P

                                        Robert Huff

#! /bin/sh 


ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to
ipfw add 300 deny ip from to any

/bin/sleep 3

#    for DHCP

ipfw add 350 allow udp from any 67-68 to any 67-68

#       close NetBios to outside contact


#       close RPC to outside contact


#    no outside SNMP


#     no IRC


#       established connections are okay.

ipfw add 10000 allow tcp from any to any established

#   let all stuff out

ipfw add 10100 allow all from any to any out via $IF

#   internal connections are okay (assuming that is your IP
#   ipfw address range internally)

ipfw add 10200 allow tcp from to any 80

#    not starting natd here, in case it's already running

#     allow anything not previously forbidden

ipfw add 65000 allow ip from any to any

 ****************              natd.conf               ****************
instance 10
interface               em0
same_ports      yes
log_ipfw_denied yes
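
The natd error in step 5 matches the posted natd.conf: per natd(8), `instance 10` makes the following `interface em0` line apply to an instance named `10`, which leaves the implicit `default` instance with no aliasing address. A small checker for that condition, as an added example that is not part of the original post (the function name and the second sample config are constructed here):

```python
"""Lint a natd.conf for instances that have no aliasing address.

Assumption taken from natd(8): "instance NAME" switches which instance the
following options configure, and an instance named "default" always exists.
"""

ALIAS_SOURCES = {"alias_address", "interface"}


def instances_missing_alias(conf_text):
    """Return the natd instances with neither alias_address nor interface."""
    seen = {"default": set()}  # instance name -> option keywords set on it
    current = "default"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        fields = line.split()
        keyword = fields[0].lower()
        if keyword == "instance":
            if len(fields) != 2:
                raise ValueError(f"line {lineno}: instance needs one name")
            current = fields[1]
            seen.setdefault(current, set())
        else:
            seen[current].add(keyword)
    return [name for name, opts in seen.items() if not opts & ALIAS_SOURCES]


# The natd.conf from the post, copied as-is.
POSTED = """\
instance 10
interface               em0
same_ports      yes
log_ipfw_denied yes
"""

# Constructed variant: no instance line, so em0 belongs to "default".
SINGLE_INSTANCE = """\
interface               em0
same_ports      yes
log_ipfw_denied yes
"""

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("single instance", SINGLE_INSTANCE)):
        missing = instances_missing_alias(text)
        print(f"{label}: missing aliasing address -> {missing or 'none'}")
```
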