What a coincidence - I have just done the very same thing myself.
I found the most useful reference was the chapters in the
"Complete FreeBSD" by Greg Lehey. Before that, it was very hard
to figure out how to do this.
I looked through the instructions, and they are missing instructions
on how to set up the firewall rules. Basically I followed what
was in the man page for natd. Also, I added a few options to natd.
So, this is what I have: in rc.conf, in addition to what you have:

    firewall_script="/etc/rc.firewall.mine"
    natd_flags="-s -m -u -dynamic"

and I created a file called rc.firewall.mine containing

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via rl1
    /sbin/ipfw add pass all from any to any

Also, in my config file for compiling the kernel I also had the line

    options IPFIREWALL_DEFAULT_TO_ACCEPT

I guess that in the end you should remove this line, but at least when
debugging I think it would help out. (I found it very disconcerting
that as soon as I created the firewall, I could not connect anywhere -
especially when, like me, you really don't know what you are doing.)
One of the options I put on natd might require your local area network
addresses to be 192.168.xxx.xxx, which is what I have.
I also CCed Marc Wandschneider so that if he likes, he could add this
info to his web page.
"B. Carlson" wrote:
>
> I'm trying to set up FreeBSD 4.0 so I can use more than one computer
> for the internet, I have a cable modem. I followed these steps:
> http://freebsd.lanfear.com/howtos/firewall.html
>
> This is my rc.conf file, I have two network cards, xl0 xl1, the first
> xl0 is hooked up directly to the net connection, the 2nd is hooked
> up to a hub. I recompiled my kernel just like the webpage said,
> Natd is running.
>
> linux_enable="YES"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> firewall_quiet="NO"
> natd_enable="YES"
> natd_interface="xl0"
> network_interfaces="xl0 xl1 lo0"
> ifconfig_xl0="inet 24.19.88.190 netmask 255.255.255.0"
> defaultrouter="24.19.88.1"
> sshd_enable="YES"
> hostname="nurdcave.com"
> ifconfig_xl1="inet 10.10.10.1 netmask 255.255.0.0"
>
> I'm trying to set up another BSD box behind the firewall, I specify
> it with an IP of 10.10.10.2 and tell it the gateway is at 10.10.10.1
> with a netmask of 255.255.0.0 and still point it to the DNS server
> at 24.2.222.33, which is the server of the cable company. Are
> there any steps in here that I have missed? Am I sending it to the
> wrong spot?
>
> TIA
>
> B. Carlson
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-stable" in the body of the message
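
Added example, not part of either message: a small sh lint that cross-checks natd_interface in rc.conf against the interface named in the "divert natd" rule, and flags a rules file that ends in an unconditional pass rule. The function names, finding codes and sample files are constructed for illustration; the sample pairs the question's rc.conf settings (xl0) with the reply's rules file copied unchanged (rl1).

```shell
#!/bin/sh
# Added example, not from the thread: lint an rc.conf and an ipfw rules script.

# rc_get FILE VAR: print the value of VAR in an rc.conf-style file (last wins).
rc_get() {
    awk -F= -v k="$2" '$1 == k { gsub(/"/, "", $2); v = $2 } END { print v }' "$1"
}

# lint_nat RC_CONF RULES: cross-check the NAT settings against the rules.
# Prints one finding per line; prints nothing when the pair is consistent.
lint_nat() {
    nat_if=$(rc_get "$1" natd_interface)
    [ "$(rc_get "$1" gateway_enable)" = "YES" ] ||
        echo "NO_FORWARDING: gateway_enable is not YES"
    [ "$(rc_get "$1" natd_enable)" = "YES" ] ||
        echo "NATD_OFF: natd_enable is not YES"
    # Interface named after "via" in every "divert natd" rule.
    div_ifs=$(awk '/divert natd/ { for (i = 1; i < NF; i++) if ($i == "via") print $(i + 1) }' "$2")
    [ -n "$div_ifs" ] || echo "NO_DIVERT: no 'divert natd ... via IF' rule"
    for i in $div_ifs; do
        [ "$i" = "$nat_if" ] ||
            echo "IF_MISMATCH: divert rule uses $i, natd_interface is '$nat_if'"
    done
    # An unconditional pass rule means nothing is filtered.
    if grep -Eq 'add +(pass|allow) +all +from +any +to +any *$' "$2"; then
        echo "OPEN_RULESET: 'pass all from any to any' accepts every packet"
    fi
    return 0
}

# Constructed sample: the question's rc.conf settings with the reply's rules
# file copied verbatim (rl1 left unchanged).
demo_lint() {
    d=$(mktemp -d) || return 1
    cat > "$d/rc.conf" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl0"
EOF
    cat > "$d/rules" <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via rl1
/sbin/ipfw add pass all from any to any
EOF
    lint_nat "$d/rc.conf" "$d/rules"
    rm -rf "$d"
}

demo_lint
```

On the constructed sample it reports IF_MISMATCH and OPEN_RULESET; the second finding is the debugging-time openness the reply describes for IPFIREWALL_DEFAULT_TO_ACCEPT.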