I was trying(!) to help a friend out, and built a 4.8-REL box
to play Router/NAT and it's ALMOST working. I can't seem to telnet/surf
from NAT'd addresses, but PING works fine.
rl1:
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 207.168.119.2 netmask 0xffffff00 broadcast 207.168.119.255
inet6 fe80::240:5ff:fe82:f0e8%rl1 prefixlen 64 scopeid 0x2
ether 00:40:05:82:f0:e8
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl2:
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.30.125 netmask 0xffffff00 broadcast 192.168.30.255
inet6 fe80::205:5dff:fe50:fc65%rl2 prefixlen 64 scopeid 0x3
ether 00:05:5d:50:fc:65
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
/etc/ipnat.rules:
$ cat /etc/ipnat.rules
map rl1 192.168.30.0/24 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl1 192.168.30.0/24 -> 0.0.0.0/32
$
/etc/rc.conf:
$ cat /etc/rc.conf
# -- sysinstall generated deltas -- # Sat Oct 11 18:43:56 2003
# Created: Sat Oct 11 18:43:56 2003
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="207.168.119.1"
hostname="fw.imscomp.com"
#ifconfig_rl2_alias0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_rl2="inet 192.168.30.125 netmask 255.255.255.0"
ifconfig_rl1="inet 207.168.119.2 netmask 255.255.255.0"
inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
ipnat_enable="YES" # Set to YES to enable ipnat
functionality
ipmon_enable="YES" # Set to YES for ipmon; needs ipfilter
or
ipnat
gateway_enable="YES"
$
/etc/sysctl.conf:
$ cat /etc/sysctl.conf
# $FreeBSD: src/etc/sysctl.conf,v 1.1.2.3 2002/04/15 00:44:13 dougb Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf''
for details.
#
net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
$
Kernel config:
$ cat IMSFW
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
#
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-conf
ig.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you are
# in doubt as to the purpose or necessity of a line, check first in LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.51.2.2 2003/03/25 23:35:15
jhb Exp $
machine i386
cpu I686_CPU
ident IMSFW
maxusers 0
#makeoptions DEBUG=-g #Build kernel with gdb(1) debug
symbols
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep
this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big
directories
options NFS #Network Filesystem
options NFS_ROOT #NFS usable as root device, NFS
required
options MSDOSFS #MSDOS Filesystem
options CD9660 #ISO 9660 Filesystem
options CD9660_ROOT #CD-ROM usable as root, CD9660
required
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP
THIS!]
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options UCONSOLE #Allow users to grab the console
options USERCONFIG #boot -c editor
options VISUAL_USERCONFIG #visual boot -c editor
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
# To make an SMP kernel, the next two are needed
#options SMP # Symmetric MultiProcessor Kernel
#options APIC_IO # Symmetric (APIC) I/O
# To support HyperThreading, HTT is needed in addition to SMP and APIC_IO
#options HTT # HyperThreading Technology
device isa
device pci
# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
#
# If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
# don't use the above line for fdc0 but the following one:
#device fdc0
# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering
device scbus # SCSI bus (required)
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12
device vga0 at isa?
# splash screen/screen saver
pseudo-device splash
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device vt0 at isa?
#options XSERVER # support for X server on a vt
console
#options FAT_CURSOR # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT
lines
#options PCVT_SCANSET=2 # IBM keyboards are non-std
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# Power management support (see LINT for more options)
device apm0 at nexus? flags 0x20 # Advanced Power Management
# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
device sio2 at isa? disable port IO_COM3 irq 5
device sio3 at isa? disable port IO_COM4 irq 9
# Parallel port
device ppc0 at isa? irq 7
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# PCI Ethernet NICs.
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these
NICs!
device miibus # MII bus support
device rl # RealTek 8129/8139
# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device sl 1 # Kernel SLIP
pseudo-device ppp 1 # Kernel PPP
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device md # Memory "disks"
pseudo-device gif # IPv6 and IPv4 tunneling
pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
device uscanner # Scanners
device urio # Diamond Rio MP3 Player
# USB Ethernet, requires mii
device aue # ADMtek USB ethernet
device cue # CATC USB ethernet
device kue # Kawasaki LSI USB ethernet
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
$
What am I missing? What else do you/I need?
THanks for any QUICK replies!
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749