--- On Thu, 10/16/08, Da Rock <[EMAIL PROTECTED]> wrote:
> From: Da Rock <[EMAIL PROTECTED]>
> Subject: Re: How to get my Dad's Win2k system to access internet through my
> FreeBSD 6.2 system
> To: [email protected]
> Date: Thursday, October 16, 2008, 1:04 AM
>
> <grin> Actually I'm not sure... I'm just an innocent bystander :)
>
> Throughout the thread there was mention of enabling nat in the rc.conf, so
> whichever that was...
>
> My consideration was just in general. Someone mentioned enabling nat, another
> said don't double nat, so I thought routed would be better. But it seems
> routed is not the way to go, but to keep gateway_enable: question remains as
> to whether to use nat or not (I suppose in any form; but if you can enlighten
> me with regard if one form of nat is better than another especially in the
> case of double nat then I'd appreciate the information).
>
> The main reason I'm bringing up this issue is to clarify (and possibly the OP
> will then get a better picture too) of precisely how to accomplish the result
> required. And maybe increase my knowledge of the subject too :) that's always
> a good thing.
Essentially, you need three things to accomplish nat'ing via the way I'm going
to describe. There're several ways to do it, but I'll only cover one here,
because to describe others, I'd need to go look up docs, which you're more than
welcome to do for yourself if you don't like the way I'm going to touch on.

First, you need gateway_enable set to yes in /etc/rc.conf. This is universally
true regardless of which method you use for nat'ing. What this does is
instruct the kernel that it has multiple interfaces, and that it must pass
packets across them, acting as a router. This has nothing to do with various
route discovery protocols; it only sets a sysctl which tells the kernel to
route packets across multiple interfaces. The default behavior is for the
kernel not to do so.

Second, you'll need some way for your NAT to get packets. In some cases, the
NAT method is built into the way that it gets packets. With the way I'm
discussing here, it's not. In this case, we'll use `ipfw`. You'll need a
kernel that supports ipfw for this to work, obviously. The rule you'll need
should look something like this:

    divert 8668 ip4 from any to any via sis0

Where sis0 is your EXTERNAL network interface (i.e., the one facing your cable
modem, modem, or whatever else.) The command to add this should look something
like: `ipfw add <rule number> divert 8668 ip4 from any to any via <interface>`
where rule number is the rule number you'll use (it should be a low one!) and
interface is your external-facing network interface device.

Third, you'll need natd itself. natd can be enabled via - you guessed it - the
rc.conf variable natd_enable. That's not all, though. You'll also need to (in
rc.conf) set natd_interface to the interface you specified in the firewall
rule, and you'll almost certainly want to set natd_flags to "-u".

So all in all, you'll need the ipfw rule, ipfw enabled in your kernel, and the
following lines in rc.conf:

    gateway_enable="YES"
    natd_program="/sbin/natd"
    natd_enable="YES"
    natd_interface="sis0"
    natd_flags="-u"

You may also need to run dhclient or some such to get an address from your ISP,
but that's a whole other story.
Enjoy.
- mdh
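An added check script, not part of the thread above, that verifies the three pieces mdh describes (forwarding on, a divert 8668 rule that is the first rule touching the external interface, natd pointed at the same interface) from a saved copy of rc.conf and an `ipfw list` dump, so it can be run without root; the rc.conf and ruleset text inside it are constructed samples, and the YES/true/on/1 spellings it accepts mirror what rc.subr's checkyesno accepts.

```sh
#!/bin/sh
# Added example: validate a FreeBSD ipfw+natd setup offline from captured text.

# Print the last value assigned to KEY in rc.conf text read from stdin
# (rc.conf is a shell fragment, so the last assignment wins).
rc_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" | tail -n 1
}

# True for the spellings rc.subr's checkyesno treats as enabled.
is_yes() {
    case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

# From an `ipfw list` dump on stdin, print the number of the first rule that
# matches "via IFACE" only if that rule is the natd divert; the divert must
# precede every other rule on the external interface or natd never sees
# those packets.
first_iface_rule_if_divert() {
    awk -v iface="$1" '$0 ~ ("via " iface "( |$)") {
        if ($2 == "divert" && $3 == 8668) print $1; exit }'
}

# Usage: check_nat_setup "$rcconf_text" "$ipfw_list_text" external_iface
# Returns 0 when all three pieces line up, otherwise reports each gap and returns 1.
check_nat_setup() {
    rcconf="$1"; rules="$2"; iface="$3"; status=0
    is_yes "$(printf '%s\n' "$rcconf" | rc_value gateway_enable)" \
        || { echo "gateway_enable is off: kernel will not forward packets"; status=1; }
    is_yes "$(printf '%s\n' "$rcconf" | rc_value natd_enable)" \
        || { echo "natd_enable is off: nothing listens on divert port 8668"; status=1; }
    [ "$(printf '%s\n' "$rcconf" | rc_value natd_interface)" = "$iface" ] \
        || { echo "natd_interface does not match the divert rule interface $iface"; status=1; }
    num=$(printf '%s\n' "$rules" | first_iface_rule_if_divert "$iface")
    [ -n "$num" ] \
        || { echo "no 'divert 8668 ... via $iface' rule ahead of other rules on $iface"; status=1; }
    return $status
}

# Constructed sample inputs; a real run would use cat /etc/rc.conf and ipfw list.
SAMPLE_RC='gateway_enable="YES"
natd_enable="YES"
natd_interface="sis0"
natd_flags="-u"'
SAMPLE_RULES='00100 divert 8668 ip4 from any to any via sis0
00200 allow ip from any to any'
check_nat_setup "$SAMPLE_RC" "$SAMPLE_RULES" sis0 && echo "nat setup looks complete"
```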
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions