Hi Tony,

--- Tony Finch <[EMAIL PROTECTED]> wrote:
>
> On Thu, Dec 20, 2001 at 07:39:47AM -0800, Adam Nealis wrote:
> >
> > I have a simple firewall setup using FreeBSD 4.4-RELEASE
> > + the speedtouch port (based on 20011007 release). I
> > want to add some NAT to this. My first attempts to do
> > this resulted in no packets going in or out. I think I
> > have a solution but am in need of a sanity check.
>
> Presumably you have got the ADSL working first without
> any NAT or filtering?

That's correct. Except you're supposed to use the -nat flag to user ppp
if you're sending packets across interfaces, according to what I read
from the handbook.

> For filtering I rely mostly on the fact that NAT only allows packets
> through for established connections with this ppp.conf fragment:
>
> nat:
>  nat enable yes
>  nat deny_incoming yes
>  nat use_sockets yes
>  enable iface-alias
>
> and I use ppp.linkup to turn on packet forwarding:
>
> nat:
>  shell sysctl -w net.inet.ip.forwarding=1
>
> and similarly apart from =0 in ppp.linkdown to turn it off.
>
> After that you can try configuring the firewall, but I personally think
> that the above is sufficient. There's no point in using natd with ppp
> because they have exactly the same functionality -- they both use
> libalias to do NAT.

What you say makes sense. I'll play with nat rules in ppp.conf then,
but I'll leave the ipfw stuff since it works, the solution is only for
a couple of months, and performance is not a concern for the species
of box I am using.

Thanks,
Adam.

ALCATEL SpeedTouch USB modem mailing list
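As an added example (not written by either poster), here is a small POSIX shell check that a user-ppp profile carries the settings described in the quoted reply: `nat deny_incoming yes` alongside `nat enable yes`, and forwarding that is enabled in ppp.linkup being disabled again in ppp.linkdown. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a user-ppp profile for the NAT
# settings discussed above. Labels start in column 0 and end with ':';
# commands are indented. All file contents below are constructed samples.

# section LABEL: print the whitespace-normalised commands under LABEL (stdin).
section() {
    awk -v want="$1:" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[^ \t]/ { in_sec = ($1 == want); next }  # a label line
        in_sec { $1 = $1; print }                  # an indented command
    '
}

# has_cmd FILE LABEL CMD: succeed if CMD appears verbatim under LABEL.
has_cmd() { section "$2" < "$1" | grep -Fqx -- "$3"; }

# audit CONF LINKUP LINKDOWN LABEL: print findings, return how many.
audit() {
    bad=0
    for cmd in "nat enable yes" "nat deny_incoming yes"; do
        has_cmd "$1" "$4" "$cmd" ||
            { echo "ppp.conf [$4]: missing '$cmd'"; bad=$((bad + 1)); }
    done
    # Forwarding enabled at link-up must be disabled again at link-down.
    if has_cmd "$2" "$4" "shell sysctl -w net.inet.ip.forwarding=1" &&
       ! has_cmd "$3" "$4" "shell sysctl -w net.inet.ip.forwarding=0"; then
        echo "ppp.linkdown [$4]: forwarding is never switched off"
        bad=$((bad + 1))
    fi
    return "$bad"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'nat:\n nat enable yes\n nat deny_incoming yes\n nat use_sockets yes\n enable iface-alias\n' > "$tmp/ppp.conf"
printf 'nat:\n shell sysctl -w net.inet.ip.forwarding=1\n' > "$tmp/ppp.linkup"
printf 'nat:\n shell sysctl -w net.inet.ip.forwarding=0\n' > "$tmp/ppp.linkdown"
# Weak variant: inbound connections not refused, forwarding left on.
printf '# lab box\nnat:\n\tnat  enable yes\n' > "$tmp/weak.conf"
: > "$tmp/empty.linkdown"

audit "$tmp/ppp.conf" "$tmp/ppp.linkup" "$tmp/ppp.linkdown" nat && echo "profile ok"
audit "$tmp/weak.conf" "$tmp/ppp.linkup" "$tmp/empty.linkdown" nat || echo "findings: $?"
```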
