Re: NAT / ipfw / GW - FreeBSD 4.10 to Linux Private Network???

2004-08-15 Thread Bill Moran
Hakim Z. Singhji [EMAIL PROTECTED] wrote:

 Hello All,
 
 So with the help of all of you I have configured my FreeBSD 4.10 gateway.
 I am able to ping, traceroute, ssh and call webpages with a fully
 functioning DHCP client. I thank all of you from the bottom of my heart,
 those of you that helped me out... it's been hard work and late nights (or
 early mornings) building these computers from scratch and then
 introducing them with Linux and FreeBSD OS's, with which I have only a
 combined year of experience.
 
 With that said I have come to the final component of my network... the
 NAT component. I was trying to play around with it until I found out
 that I really didn't know what I was doing... so here I am again.
 
 I'm trying to configure one box through NAT via my FreeBSD gateway. I
 figure after I do it once I'll be able to tweak it for the rest of my
 machines. This is my set up
 
 [internet] - [firewall/gateway] -- [ linux box ]
   24.199.105.0-- 192.168.1.1 -  192.168.1.3
   (   dc0   )  (  txp0  ) (  eth0  )
 
 I'm trying to get internet connection for my linux box,

You simply need to set 192.168.1.1 as the Linux box's default gateway and
set up the appropriate DNS servers in resolv.conf.

 and I also want
 all pop3, smtp and http passed to my linux box as well.

You'll need to set up port forwarding.  See the man page for natd and
pay close attention to the redirect_port directive.  If you're going to
have many set up (as it seems you will) it's usually easier to put them
in a config file and tell natd to read its config from that file.

 The freebsd box
 is setup to be headless once I get this configured properly. In addition
 I would like SSH2 to be able to tunnel from box to box as well as SSH2
 outside my network with my Linux box.

Port forwarding again.  But you'll have to use a non-standard port or
you'll hit a conflict between sshd on the FreeBSD box and trying to
forward sshd to the Linux box.  Something like
redirect_port tcp 192.168.1.3:22 

Then if you ssh with defaults to the gateway, you'll log in to the gateway,
and if you ssh to port , you'll ssh to the Linux box.

 I have attached my config files for ipfw.rules, rc.conf, and natd.conf
 however natd.conf is where I am lost; I don't exactly know the rules
 for natd.conf. I reviewed my resources: The Complete FreeBSD by Greg
 Lehey and Absolute BSD by Michael Lucas however there was not much on
 the actual syntax. If someone could help me in these areas it would be
 greatly appreciated.  Thanks in advance...

On the FreeBSD box, to forward all traffic on port 80 to the linux box:
redirect_port tcp 192.168.1.3:80 80

The other ports follow the same pattern.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
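To make the port-forwarding advice above concrete next to Hakim's posted natd.conf and ipfw.rules, here is an added example script; it is not part of the thread and not Bill's or Hakim's own configuration. It emits the redirect_port lines natd(8) expects (targetIP:targetPORT followed by the external alias port), puts the Linux box's sshd on an alternate external port so it does not shadow the gateway's own sshd, and emits the two ipfw rules the posted ipfw.rules lacks: the divert rule without which natd never sees a packet, and an inbound allow for the forwarded ports, since the posted rules only keep state on outbound setups. Assumptions: external interface dc0, Linux box 192.168.1.3, gateway sshd on port 22, 2222 as a constructed alternate port, and rule numbers 00200/00201 as a free slot between the lo0 rules and check-state.

```sh
#!/bin/sh
# Added example for the thread above; not Bill's or Hakim's own config.
# Prints natd.conf redirect_port lines plus the ipfw rules needed for
# natd to actually translate traffic. Assumed values: external interface
# dc0, Linux box 192.168.1.3, gateway sshd on 22, and 2222 as a
# constructed alternate external port for the Linux box's sshd.

EXT_IF=dc0
INSIDE_HOST=192.168.1.3
GW_SSH_PORT=22
ALT_SSH_PORT=2222

# natd(8) syntax: redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
# pop3, smtp and http are TCP services, so no udp redirects are needed.
natd_redirects() {
    printf 'redirect_port tcp %s:110 110\n' "$INSIDE_HOST"                 # pop3
    printf 'redirect_port tcp %s:25 25\n' "$INSIDE_HOST"                   # smtp
    printf 'redirect_port tcp %s:80 80\n' "$INSIDE_HOST"                   # http
    printf 'redirect_port tcp %s:22 %s\n' "$INSIDE_HOST" "$ALT_SSH_PORT"   # ssh2
}

# Returns non-zero if any redirect uses alias port $1 (a port the gateway
# itself listens on); forwarding that port would shadow the gateway's daemon.
check_alias_conflict() {
    natd_redirects | awk -v port="$1" '
        $1 == "redirect_port" && $4 == port { found = 1 }
        END { exit found ? 1 : 0 }'
}

# Without a divert rule ipfw never hands packets to natd. After translation
# an inbound SYN re-enters ipfw with destination 192.168.1.3, and the posted
# rules only keep state on outbound setups, so the forwarded ports need
# their own inbound allow. Numbers 00200/00201 are an assumed free slot
# between the lo0 rules and check-state in the posted ipfw.rules.
ipfw_nat_rules() {
    printf 'add 00200 divert natd ip from any to any via %s\n' "$EXT_IF"
    printf 'add 00201 allow tcp from any to %s 110,25,80,22 in via %s setup keep-state\n' \
        "$INSIDE_HOST" "$EXT_IF"
}

# Number of redirect lines emitted; used by the checks below.
redirect_count() { natd_redirects | wc -l | tr -d ' '; }

main() {
    if ! check_alias_conflict "$GW_SSH_PORT"; then
        echo "error: a redirect_port uses alias port $GW_SSH_PORT, the gateway's own sshd port" >&2
        return 1
    fi
    echo '# /etc/natd.conf'
    natd_redirects
    echo '# append to /etc/ipfw.rules'
    ipfw_nat_rules
}

main "$@"
```

Run it as `sh gen-natd.sh` and paste the two sections into /etc/natd.conf and /etc/ipfw.rules; the conflict check refuses to emit a config that would forward the gateway's own sshd port. With FreeBSD 4.x rc.conf, natd_enable takes YES/NO and the interface goes in natd_interface; the divert rule has to live in your own rules file when firewall_type points at a file rather than one of the built-in types.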


NAT / ipfw / GW - FreeBSD 4.10 to Linux Private Network???

2004-08-14 Thread Hakim Z. Singhji
Hello All,
So with the help of all of you I have configured my FreeBSD 4.10 gateway.
I am able to ping, traceroute, ssh and call webpages with a fully
functioning DHCP client. I thank all of you from the bottom of my heart,
those of you that helped me out... it's been hard work and late nights (or
early mornings) building these computers from scratch and then
introducing them with Linux and FreeBSD OS's, with which I have only a
combined year of experience.
With that said I have come to the final component of my network... the
NAT component. I was trying to play around with it until I found out
that I really didn't know what I was doing... so here I am again.
I'm trying to configure one box through NAT via my FreeBSD gateway. I
figure after I do it once I'll be able to tweak it for the rest of my
machines. This is my set up
[internet] - [firewall/gateway] -- [ linux box ]
24.199.105.0--  192.168.1.1 -   192.168.1.3
(   dc0   )  (  txp0  ) (  eth0  )
I'm trying to get internet connection for my linux box, and I also want
all pop3, smtp and http passed to my linux box as well.  The freebsd box
is setup to be headless once I get this configured properly. In addition
I would like SSH2 to be able to tunnel from box to box as well as SSH2
outside my network with my Linux box.
I have attached my config files for ipfw.rules, rc.conf, and natd.conf
however natd.conf is where I am lost; I don't exactly know the rules
for natd.conf. I reviewed my resources: The Complete FreeBSD by Greg
Lehey and Absolute BSD by Michael Lucas however there was not much on
the actual syntax. If someone could help me in these areas it would be
greatly appreciated.  Thanks in advance...
Hakim Z. Singhji
New York University
1st year Information Systems Management Student

###
# RC.CONF FILE
###

## Network ##

gateway_enable="YES"
network_interfaces="dc0 txp0 txp1"
hostname="redgate.ath.cx"
ifconfig_dc0="DHCP"
ifconfig_txp0="inet 192.168.1.1/24"
ifconfig_txp1="inet 192.168.1.2/24"
# natd_enable is a YES/NO switch; the external interface belongs in natd_interface
natd_enable="YES"
natd_interface="dc0"
natd_flags="-s -u -f /etc/natd.conf"

# IPFW 

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"

## Extra Firewalling Options ##

log_in_vain="YES"
tcp_drop_synfin="NO"
tcp_restrict_rst="YES"
icmp_drop_redirect="YES"

## MISC RC Rules ##

...



# IPFW.RULES


add 00100 allow ip from any to any via lo0
add 00101 deny ip from any to 127.0.0.0/8

# from man ipfw: allow only tcp connections I've created
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state

# allow DNS/UDP Packets
add 00400 allow udp from 207.69.188.185 53 to any in recv dc0
add 00401 allow udp from 207.69.188.186 53 to any in recv dc0
add 00402 allow udp from 207.69.188.187 53 to any in recv dc0
add 00403 allow udp from any to any out 

# allow DHCP
add 00500 allow udp from any 68 to 24.29.99.105 67 out via dc0
add 00501 allow udp from 24.29.99.105 67 to any 68 in via dc0

# uncomment rules 00502 and 00503 if ISP's DHCP server has problems
#add 00502 allow udp from any 68 to 255.255.255.255 67 out via dc0
#add 00503 allow udp from any 67 to 255.255.255.255 68 in via dc0

#allow some icmp types (codes not supported)
add 00600 allow icmp from any to any icmptypes 3

#allow source quench in and out 
add 00601 allow icmp from any to any icmptypes 4

#allow me to ping out and receive response back
add 00602 allow icmp from any to any icmptypes 8 out
add 00603 allow icmp from any to any icmptypes 0 in

#allow me to run traceroute
add 00604 allow icmp from any to any icmptypes 11 in

###
# NATD.CONF
###

# I'm not at all sure if this is ok for diverting these packets
# to my private network machines ip and port numbers???

redirect_port tcp 192.168.1.3:110 110 #pop3
redirect_port udp 192.168.1.3:110 110 #pop3
redirect_port tcp 192.168.1.3:25 25 #smtp
redirect_port udp 192.168.1.3:25 25 #smtp
redirect_port tcp 192.168.1.3:80 80 #http
redirect_port udp 192.168.1.3:80 80 #http
