On Wed, Oct 15, 2008 at 08:40:48PM +1000, Da Rock wrote:
> 
> On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote:
> > Jeremy Chadwick wrote:
> > 
> > > On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
> > [snip] 
> > >> Next, you will want to configure your FreeBSD machine as a NAT gateway.
> > >> In your /etc/rc.conf you will want something like gateway_enable="YES"
> > >> and some form of firewall initialization[1]. The gateway_enable is what
> > >> allows the forwarding of packets between your rl0 and your rl1, but the
> > >> activation of NAT functionality is usually a function contained within a
> > >> firewall. So conceptually, the firewall will be "in between" rl0 and rl1.
> > >> 
> > >> There are three different firewalls you can choose from. Configuring the
> > >> firewall is usually where the inexperienced get stuck. This subject
> > >> material is beyond the scope of this missive, and you would do well to
> > >> start reading in the Handbook. But essentially, when you configure NAT in
> > >> the firewall your rl0 (connected to the ISP) will be assigned a "Public"
> > >> IP address and the NAT function will translate between "Public" and
> > >> "Private".
> > 
> > With respect to "NAT", the caveat here is the assumption that your DSL/Cable
> > modem is *not* already performing NAT. The situation you do not want to get
> > into is having *two* NATs. The content herein is assuming that the external
> > (rl0) interface is getting assigned a "Public" IP from the ISP. 
> >  
> 
> If this is the case wouldn't the OP set router_enable=YES instead of
> gateway?

No.  router_enable causes routed(8) to run, which allows for
announcements and withdraws of network routes via RIPv1/v2.  This is
something completely different than forwarding packets.

What the OP wants is to route packets from his private LAN (e.g.
192.168.0.0/16) on to the Internet using NAT.  That means he has to have
a NAT gateway of some kind that forwards and translates packets.  That
means he needs gateway_enable="yes", which allows IPv4 forwarding
to happen "through" the FreeBSD box.  In layman's terms, it allows
the FreeBSD box to be used a "Gateway" for other computers which
are connected to it directly.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to