NATD Problem

Simon Clayton Simon at reftech.co.uk
Mon Apr 2 17:22:43 BST 2001


Thanks for that - it works now anyway.  Can anyone point me to some good
examples of how to configure it to be more secure?  The box doing the NAT
has a public IP address and needs to reject most things that are not NATed.

I have rc.firewall back in place properly but have rc.conf pointing to a
different ipfw config file, which probably means that rc.firewall is in
place but not being used?

Regards

Simon

-----Original Message-----
From: Paul Richards [mailto:paul at freebsd-services.co.uk]
Sent: 02 April 2001 12:10
To: Simon Clayton; freebsd-users at freebsd-uk.eu.org
Subject: Re: NATD Problem


--On Monday, April 02, 2001 10:40:48 +0100 Simon Clayton
<Simon at reftech.co.uk> wrote:

> Being a total novice in the ipfw/natd arena I'm not surprised that I've
> hit a problem with the setup of it all!
>
> Basically, I have had ADSL installed and need a firewall between my
> internal LAN running 10.0.0.x addresses and the outside world.  I
> installed FreeBSD 4.2, recompiled the kernel with IPFIREWALL and IPDIVERT
> etc, added the lines in rc.conf to enable NATD and do -dynamic and then
> put the two lines into a very blank rc.firewall to divert all packets to
> natd and "add pass...".

You shouldn't edit rc.firewall unless you're tweaking it for some specific
purpose, and since you're a total novice you shouldn't be doing that :-) It
also shouldn't be very blank so there's something wrong there.

I think for an open (as in you're not concerned about firewalling) natd
configuration you should set firewall_type=openclient in /etc/rc.conf which
basically sends all traffic to natd.

If you need more help you need to provide the output from `ipfw l` and it
would also be worth running natd on the command line with -v to get some
better diagnostics.

Paul.
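As an added example for the question Simon raises above (a NAT box with a public address that should reject most things that are not part of a NATed session), here is a ruleset in the shape of rc.firewall's "simple" type. It is not Simon's or Paul's configuration and not FreeBSD's own rc.firewall. Everything named in it is an assumption: the outside interface is tun0 (PPP over ADSL) with a dynamic address, natd runs with "-dynamic -n tun0", the LAN is 10.0.0.0/24 on fxp0, and the kernel has IPFIREWALL and IPDIVERT but not IPFIREWALL_DEFAULT_TO_ACCEPT, so anything not passed explicitly is dropped. The point it shows is ordering: natd only rewrites addresses, it does not open the firewall, so the divert rule must come before every rule that looks at addresses, and return traffic that is not TCP (DNS replies, ICMP errors) needs its own pass rules after the divert.

```sh
#!/bin/sh
# Added example for this thread; not the posters' setup and not /etc/rc.firewall.
# Assumed (hypothetical) layout:
#   tun0  outside interface, dynamic public address, natd -dynamic -n tun0
#   fxp0  inside interface, LAN 10.0.0.0/24
#   kernel: IPFIREWALL + IPDIVERT, default deny (no IPFIREWALL_DEFAULT_TO_ACCEPT)
# ruleset() prints lines in the format ipfw(8) reads from a file, so the
# output can be saved and named in firewall_type instead of editing rc.firewall.

oif="tun0"          # outside (NATed) interface
iif="fxp0"          # inside interface
inet="10.0.0.0/24"  # inside network (documented here; the RFC 1918 blocks
                    # below cover it for anti-spoofing)

# 100-300   loopback housekeeping, as rc.firewall does
# 400-600   anti-spoofing: private source addresses never arrive from outside
# 1000      hand every packet crossing tun0 to natd; it re-enters at 1001
#           with translated addresses, so all address checks below see them
# 2000      replies to TCP sessions opened from inside (or by this box)
# 2100-2200 LAN traffic and everything leaving via tun0 (already translated)
# 2300-2500 the only unsolicited/non-TCP traffic accepted from outside:
#           DNS replies, useful ICMP errors, and inbound ssh to the box
# 65000     explicit catch-all deny (add "log" if IPFIREWALL_VERBOSE is built in)
ruleset() {
	cat <<EOF
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 deny all from 10.0.0.0/8 to any in via ${oif}
add 500 deny all from 172.16.0.0/12 to any in via ${oif}
add 600 deny all from 192.168.0.0/16 to any in via ${oif}
add 1000 divert natd all from any to any via ${oif}
add 2000 pass tcp from any to any established
add 2100 pass all from any to any via ${iif}
add 2200 pass all from any to any out via ${oif}
add 2300 pass udp from any 53 to any in via ${oif}
add 2400 pass icmp from any to any icmptypes 0,3,11 in via ${oif}
add 2500 pass tcp from any to any 22 in via ${oif} setup
add 65000 deny all from any to any
EOF
}

# Rule number of the first rule whose text matches a pattern. Lets the
# ordering (divert before established, catch-all last) be checked without
# touching a kernel.
rule_number() {
	ruleset | awk -v pat="$1" '$0 ~ pat { print $2; exit }'
}

# Load the ruleset into a running kernel, flushing first as rc.firewall does.
# FWCMD can point at a different ipfw binary; word splitting of $line is intended.
apply_ruleset() {
	fwcmd="${FWCMD:-/sbin/ipfw}"
	"${fwcmd}" -q -f flush
	ruleset | while read -r line; do
		"${fwcmd}" -q ${line}
	done
}

case "${1:-}" in
apply) apply_ruleset ;;
show)  ruleset ;;
esac
```

To use it the rc.conf way rather than by hand, save the output of `sh thisfile show` to a file such as /etc/ipfw.rules (a hypothetical path) and set firewall_enable="YES", firewall_type="/etc/ipfw.rules", natd_enable="YES", natd_interface="tun0" and natd_flags="-dynamic" in /etc/rc.conf. rc.firewall on 4.x flushes, adds the loopback rules and, when natd_enable and natd_interface are set, its own divert rule numbered 50 before it loads that file, so rules 100-300 are redundant there and rule 1000 should be dropped from the saved file so packets are not diverted twice. After loading, `ipfw -a l` shows the rules with hit counters, which is the quickest way to see which rule is eating a packet you expected to pass.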
