On Wed, Oct 15, 2008 at 08:40:48PM +1000, Da Rock wrote:
> On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote:
> > Jeremy Chadwick wrote:
> > 
> > > On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
> > [snip] 
> > >> Next, you will want to configure your FreeBSD machine as a NAT gateway.
> > >> In your /etc/rc.conf you will want something like gateway_enable="YES"
> > >> and some form of firewall initialization[1]. The gateway_enable is what
> > >> allows the forwarding of packets between your rl0 and your rl1, but the
> > >> activation of NAT functionality is usually a function contained within a
> > >> firewall. So conceptually, the firewall will be "in between" rl0 and rl1.
> > >> 
> > >> There are three different firewalls you can choose from. Configuring the
> > >> firewall is usually where the inexperienced get stuck. This subject
> > >> material is beyond the scope of this missive, and you would do well to
> > >> start reading in the Handbook. But essentially, when you configure NAT in
> > >> the firewall your rl0 (connected to the ISP) will be assigned a "Public"
> > >> IP address and the NAT function will translate between "Public" and
> > >> "Private".
> > 
> > With respect to "NAT", the caveat here is the assumption that your DSL/Cable
> > modem is *not* already performing NAT. The situation you do not want to get
> > into is having *two* NATs. The content herein is assuming that the external
> > (rl0) interface is getting assigned a "Public" IP from the ISP. 
> >  
> If this is the case wouldn't the OP set router_enable=YES instead of
> gateway?

No.  router_enable causes routed(8) to run, which allows for
announcements and withdrawals of network routes via RIPv1/v2.  This is
something completely different than forwarding packets.

What the OP wants is to route packets from his private LAN (e.g. on to the Internet using NAT.  That means he has to have
a NAT gateway of some kind that forwards and translates packets.  That
means he needs gateway_enable="yes", which allows IPv4 forwarding
to happen "through" the FreeBSD box.  In layman's terms, it allows
the FreeBSD box to be used as a "Gateway" for other computers which
are connected to it directly.

| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
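
An added example, not part of the original message or of FreeBSD itself: a small sh audit that reads an rc.conf-style file and reports whether packet forwarding (gateway_enable), routed(8) (router_enable) and a firewall are switched on, so a NAT gateway running RIP by mistake is easy to spot. The function names and the sample file are constructed for illustration; pf_enable, ipfilter_enable and firewall_enable are assumed here as the rc.conf switches for the three firewalls the thread mentions without naming, and the accepted "yes" spellings follow rc.subr's checkyesno.

```shell
#!/bin/sh
# Added example: audit rc.conf for the gateway_enable / router_enable mix-up.

# Print the last value assigned to variable $2 in file $1. rc.conf is sourced
# by sh, so a later assignment overrides an earlier one. Quotes are stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# Succeed if variable $2 in file $1 is enabled (YES/TRUE/ON/1, any case).
rc_yes() {
    case "$(rc_value "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Summarise the three things a NAT gateway depends on.
audit_gateway() {
    f=$1
    fwd=off; rip=off; fw=none
    rc_yes "$f" gateway_enable  && fwd=on   # IPv4 forwarding through the box
    rc_yes "$f" router_enable   && rip=on   # routed(8): RIP, not forwarding
    rc_yes "$f" pf_enable       && fw=pf
    rc_yes "$f" ipfilter_enable && fw=ipf
    rc_yes "$f" firewall_enable && fw=ipfw
    echo "forwarding=$fwd routed=$rip firewall=$fw"
}

# Constructed sample input: the setup the thread recommends.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ifconfig_rl0="DHCP"
gateway_enable="YES"      # forward packets between rl0 and rl1
router_enable="NO"        # no RIP announcements needed for NAT
pf_enable="YES"           # NAT is configured in the firewall
EOF
audit_gateway "$sample"
rm -f "$sample"
```

A result of forwarding=off with routed=on is the misconfiguration the reply warns about: RIP is running but nothing is forwarded.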
