On Wed, 2008-10-15 at 22:22 -0700, mdh wrote: > --- On Thu, 10/16/08, Da Rock <[EMAIL PROTECTED]> wrote: > > From: Da Rock <[EMAIL PROTECTED]> > > Subject: Re: How to get my Dad's Win2k system to access internet through my > > FreeBSD 6.2 system > > To: email@example.com > > Date: Thursday, October 16, 2008, 1:04 AM > > > > <grin> Actually I'm not sure... I'm just an > > innocent bystander :) > > > > Throughout the thread there was mention of enabling nat in > > the rc.conf, > > so whichever that was... > > > > My consideration was just in general. Someone mentioned > > enabling nat, > > another said don't double nat, so I thought routed > > would be better. But > > it seems routed is not the way to go, but to keep > > gateway_enable: > > question remains as to whether to use nat or not (I suppose > > in any form; > > but if you can enlighten me with regard if one form of nat > > is better > > than another especially in the case of double nat then > > I'd appreciate > > the information). > > > > The main reason I'm bring up this issue is to clarify > > (and possibly the > > OP will then get a better picture too) of precisely how to > > accomplish > > the result required. And maybe increase my knowledge of the > > subject > > too :) thats always a good thing. > > Essentially, you need three things to accomplish nat'ing via the way I'm > going to describe. There're several ways to do it, but I'll only cover one > here, because to describe others, I'd need to go look up docs, which you're > more than welcome to do for yourself if you don't like the way I'm going to > touch on. > > First, you need gateway_enable set to yes in /etc/rc.conf. This is > universally true regardless of which method you use for nat'ing. What this > does is instruct the kernel that it has multiple interfaces, and that it must > pass packets across them, acting as a router. This has nothing to do with > various route discovery protocols, it only sets a sysctl which tells the > kernel to route packets across multiple interfaces. The default behavior is > for the kernel not to do so. > > Second, you'll need some way for your NAT to get packets. In some cases, the > NAT method is built into the way that it gets packets. With the way I'm > discussing here, it's not. In this case, we'll use `ipfw`. You'll need a > kernel that supports ipfw for this to work, obviously. The rule you'll need > should look something like this: > divert 8668 ip4 from any to any via sis0 > Where sis0 is your EXTERNAL network interface (ie, the one facing your cable > modem, modem, or whatever else.) The command to add this should look > something like: `ipfw add <rule number> divert 8668 ip4 from any to any via > <interface>` where rule number is the rule number you'll use (it should be a > low one!) and interface is your external-facing network interface device. > > Third, you'll need natd itself. natd can be enabled via - you guessed it - > the rc.conf variable natd_enable. That's not all, though. You'll also need > to (in rc.conf) set natd_interface to the interface you specified in the > firewall rule, and you'll almost certainly want to set natd_flags to "-u". > > So all in all, you'll need the ipfw rule, ipfw enabled in your kernel, and > the following lines in rc.conf: > gateway_enable="YES" > natd_program="/sbin/natd" > natd_enable="YES" > natd_interface="sis0" > natd_flags="-u" > > You may also need to run dhclient or somesuch to get an address from your > ISP, but that's a whole other story. > Enjoy. > > - mdh
Been there, done that before (at the time I was merely fumbling, but I have greater experience now)... interesting point in that is the fact that natd_enable tells the kernel to pass packets between interfaces. I'm assuming the problem with double nat'ing is the confusion in packet traffic. So if the OP is using his ADSL modem to connect to the net, then it could be safe to assume the public IP would be to the modem itself, and not his box (barring the possible use of USB), so then the nat'ing would already be done. Therefore, the best and easiest way would be to simply bridge his interfaces- correct? Less overheads, etc, plus simplicity of setup. Oh I love a good hypothetical- it lets me experiment with systems without touching anything or breaking it :) The fact that someone else might build on their knowledge is just a cherry on top. I've not come across another list that so freely shares knowledge... its great! _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"