On Wed, Oct 15, 2008 at 08:40:48PM +1000, Da Rock wrote: > > On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote: > > Jeremy Chadwick wrote: > > > > > On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote: > > [snip] > > >> Next, you will want to configure your FreeBSD machine as a NAT gateway. > > >> In your /etc/rc.conf you will want something like gateway_enable="YES" > > >> and some form of firewall initialization. The gateway_enable is what > > >> allows the forwarding of packets between your rl0 and your rl1, but the > > >> activation of NAT functionality is usually a function contained within a > > >> firewall. So conceptually, the firewall will be "in between" rl0 and rl1. > > >> > > >> There are three different firewalls you can choose from. Configuring the > > >> firewall is usually where the inexperienced get stuck. This subject > > >> material is beyond the scope of this missive, and you would do well to > > >> start reading in the Handbook. But essentially, when you configure NAT in > > >> the firewall your rl0 (connected to the ISP) will be assigned a "Public" > > >> IP address and the NAT function will translate between "Public" and > > >> "Private". > > > > With respect to "NAT", the caveat here is the assumption that your DSL/Cable > > modem is *not* already performing NAT. The situation you do not want to get > > into is having *two* NATs. The content herein is assuming that the external > > (rl0) interface is getting assigned a "Public" IP from the ISP. > > > > If this is the case wouldn't the OP set router_enable=YES instead of > gateway?
No. router_enable causes routed(8) to run, which allows for announcements and withdraws of network routes via RIPv1/v2. This is something completely different than forwarding packets. What the OP wants is to route packets from his private LAN (e.g. 192.168.0.0/16) on to the Internet using NAT. That means he has to have a NAT gateway of some kind that forwards and translates packets. That means he needs gateway_enable="yes", which allows IPv4 forwarding to happen "through" the FreeBSD box. In layman's terms, it allows the FreeBSD box to be used a "Gateway" for other computers which are connected to it directly. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"