Hi All,

Firstly, I'm sorry for the late reply. To keep my responses simple, I shall
go question by question...

* Manolis Kiagias ([EMAIL PROTECTED]) wrote:
>
> There are at least two ways that I know of to achieve this. One uses the
> ipfw firewall, the other the pf firewall.
> For the ipfw solution, look at the FreeBSD Handbook:
>
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

1. I heard that ppp itself has NAT capability. It can work with the
command ppp -nat and without running natd. Please tell me whether this is
right or wrong. ipfw is the same. If natd is not used, I can't add the rule
...

add divert natd ip from any to any via tun0

to /etc/ipfw.rules. I'm confused.

2. And if natd is still required, what is the -nat argument (ppp -nat) for?

> This worked fine for me, although I prefer to use pf. Here is how I
> setup pf (Adjust for your interfaces as necessary)
>
> My Internet interface is rl0, setup in rc.conf as:
>
> ifconfig_rl0="inet 192.168.0.100 netmask 255.255.255.0"
>
> My local interface is rl1, setup in rc.conf as:
>
> ifconfig_rl1="inet 192.168.1.100 netmask 255.255.255.0"

3. I haven't mentioned that I can't use this configuration. I have 2
interfaces, i.e. public and private LAN. But I have only one NIC card, for the
private LAN. I don't have a NIC card for the public side. I'm using a 56k modem
to connect to the outside world. I think I can't add

ifconfig_tun0="inet 192.168.0.100 netmask 0xffffff00"

to /etc/rc.conf. If I'm wrong, please tell me.
I did much googling. All sites always refer to 2 NIC cards being used, like your
example. I have only one NIC card + a 56k serial modem (/dev/cuad0).

> (I also have a defaultrouter setting which probably does not apply to you)
>
> I have nameserver entries in /etc/resolv.conf (or setup your own DNS
> server if you wish)

4. I also have nameserver entries. I tried setting the DNS server on my WinXP
host to both the gateway (FBSD host) and the DNS servers of my ISP. Neither works.

> Use this settings in rc.conf for pf:
>
> pf_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_flags=""
> pf_rules="/etc/pf.conf"
> pf_flags=""
> gateway_enable="YES"

5. I think I have the equivalent settings for ipfw in /etc/rc.conf, but they don't work.
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_quiet="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"

> Run:
> # sysctl net.inet.ip.forwarding=1
> # /etc/rc.d/routing restart
>
> Add net.inet.ip.forwarding=1 to /etc/sysctl.conf so it persists reboots

6. I recompiled my kernel.
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=120
options IPDIVERT
I think it should be equivalent to the sysctl setting.

> Add the following rule to /etc/pf.conf
>
> nat pass on rl0 from rl1:network to any -> rl0
>
> AFAIR, if rl0 has a dynamic address, you will have to write it with
> parentheses, like:
>
> nat pass on rl0 from rl1:network to any -> (rl0)
> (Note that in /etc/pf.conf translation rules like the above, are placed
> above filtering rules like pass or block etc)
> You may have to adjust /etc/pf.conf filtering rules, assuming you have
> any.
>
> Restart some services
>
> # /etc/rc.d/netif restart
> # /etc/rc.d/routing restart
> # /etc/rc.d/pf restart
>
> or simply reboot, and you should be set.

7. I don't know about PF.

* Fbsd1 ([EMAIL PROTECTED]) wrote:
> You need to run dhcp so you can assign ip address on the LAN so the down
> stream xp box can gain access to the public internet through your
> gateway freebsd box.  There is a detailed step by step instructions in
> the install guide at www.a1poweruser.com

8. I read the doc from the mentioned site. The doc does not mention anything
about sharing ppp dial-up with the other host. And I'm sorry, dhcp is not the
point of my concern now. I only want to share internet access, whether the IP is
static or dynamic. BTW the doc is very good anyway. I shall keep it. :-)

* Polytropon ([EMAIL PROTECTED]) wrote:
> First of all, I made my kernel capable; significant parts:
> # Firewall, NAT
> ...blah

9. I compiled the kernel following your advice, except for NETGRAPH. I think
PPPoE is not the point of concern.

> Configuration in /etc/rc.conf goes this way:
>    ifconfig_xl0="inet 192.168.0.1 netmask 0xffffff00"
>    ifconfig_rl0="inet 192.168.1.1 netmask 0xffffff00 media 10baseT/UTP"

10. As said earlier, my interface connecting to the outside is a 56k serial modem
(/dev/cuad0). I think I can't set /dev/cuad0 (or even tun0) in this way.

11. CONCLUSION: I did read many documents. The more I read, the more confused I
get. I tried many possible things but they still don't work. My RECENT
configurations are as follows.

/etc/rc.conf
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_quiet="YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-s -u -m"

kernel options
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=120
options IPDIVERT

/etc/ipfw.rules
add divert natd ip from any to any via tun0

ppp command
ppp -background -nat myisp

With these settings, my FBSD host can NOT even dial out to the ISP. :-(
Please, anybody, tell me what I am doing wrong here.
At this time I must go back to the original settings in order to dial the ISP.
And lastly, I'm sorry for the long questions.

Thank you.
Pongthep
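The message above mixes two NAT engines: natd (fed by the ipfw "divert natd" rule) and ppp's own built-in NAT enabled with "ppp -nat", which translates inside ppp and needs neither natd nor the divert rule. The script below is an added example written for this page, not the poster's configuration and not part of FreeBSD; it lints rc.conf text, an ipfw rule file and the ppp command line purely as text, so it runs on any POSIX sh without touching the system. The sample inputs are constructed (modelled on the "RECENT configurations" section, with a deliberately misspelt firewall_quite to exercise the typo check), the list of recognised variable names is the lint's own assumption, and the "corrected" variant is one of the two valid choices (ppp -nat alone, no natd), not the only one.

```sh
#!/bin/sh
# Added example: text-only lint for FreeBSD gateway/NAT settings.

# Constructed sample, modelled on the message's rc.conf, ipfw rule and ppp
# command; firewall_quite is misspelt on purpose to show the typo check.
SAMPLE_RC_CONF='gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_quite="YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-s -u -m"'
SAMPLE_IPFW_RULES='add divert natd ip from any to any via tun0'
SAMPLE_PPP_CMD='ppp -background -nat myisp'

# Constructed corrected variant: ppp -nat does the translation alone, so natd
# and its divert rule are dropped and the variable name is fixed.
FIXED_RC_CONF='gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_quiet="YES"'
FIXED_IPFW_RULES=''
FIXED_PPP_CMD='ppp -background -nat myisp'

# Assumed list of names this lint recognises; rc.conf is just sourced by sh,
# so a misspelt name is set and never read, with no error at all.
KNOWN_VARS='gateway_enable firewall_enable firewall_type firewall_quiet firewall_script firewall_logging natd_enable natd_interface natd_flags'

# rc_get RCTEXT VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" |
        tail -n 1
}

# nat_engines RCTEXT PPPCMD: how many NAT engines would translate the link
# (natd via natd_enable, and ppp's built-in NAT via the -nat switch).
nat_engines() {
    n=0
    case "$(rc_get "$1" natd_enable)" in [Yy][Ee][Ss]) n=$((n + 1)) ;; esac
    case " $2 " in *" -nat "*) n=$((n + 1)) ;; esac
    echo "$n"
}

# lint_nat_config RCTEXT IPFWRULES PPPCMD: one "FINDING:" line per problem.
lint_nat_config() {
    rc=$1 rules=$2 pppcmd=$3

    # Without forwarding enabled the gateway drops the LAN host's packets.
    case "$(rc_get "$rc" gateway_enable)" in
        [Yy][Ee][Ss]) ;;
        *) echo "FINDING: gateway_enable is not YES; LAN packets will not be forwarded" ;;
    esac

    # Exactly one translator should own the link.
    case "$(nat_engines "$rc" "$pppcmd")" in
        0) echo "FINDING: no NAT engine; enable natd (with its divert rule) or run ppp -nat" ;;
        1) ;;
        *) echo "FINDING: natd and ppp -nat both translate the link; keep exactly one NAT engine" ;;
    esac

    # A divert rule is only meaningful when natd is actually started.
    natd=$(rc_get "$rc" natd_enable)
    has_divert=no
    printf '%s\n' "$rules" | grep -q 'divert natd' && has_divert=yes
    if [ "$has_divert" = yes ] && [ "$natd" != YES ]; then
        echo "FINDING: 'divert natd' rule present but natd_enable is not YES; traffic is diverted to a daemon that is not running"
    fi

    # Probable typos in firewall_*/natd_*/gateway_* names.
    printf '%s\n' "$rc" |
        sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' |
        while read -r var; do
            case "$var" in firewall_*|natd_*|gateway_*) ;; *) continue ;; esac
            case " $KNOWN_VARS " in
                *" $var "*) ;;
                *) echo "FINDING: unknown variable $var (typo? compare firewall_quiet)" ;;
            esac
        done
    return 0
}

# count_findings RCTEXT IPFWRULES PPPCMD: number of FINDING lines.
count_findings() {
    lint_nat_config "$@" | grep -c '^FINDING' || :
}

lint_nat_config "$SAMPLE_RC_CONF" "$SAMPLE_IPFW_RULES" "$SAMPLE_PPP_CMD"
echo "sample findings: $(count_findings "$SAMPLE_RC_CONF" "$SAMPLE_IPFW_RULES" "$SAMPLE_PPP_CMD")"
echo "fixed findings:  $(count_findings "$FIXED_RC_CONF" "$FIXED_IPFW_RULES" "$FIXED_PPP_CMD")"
```

On the constructed sample the lint reports two findings (two NAT engines on tun0, and the misspelt variable); the corrected variant reports none. The lint says nothing about the kernel options or about why dialling fails, only about whether the rc.conf, ipfw and ppp pieces agree with each other.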
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"