Network: Network Address Translation (natd)

(last edit: 2000-11-22)

The following steps are necessary before attempting to run natd:

1. Get FreeBSD version 2.2 or higher. Versions before this do not support divert(4) sockets.

2. Build a custom kernel with the following options:

       options IPFIREWALL
       options IPDIVERT

   Refer to the handbook for detailed instructions on building a custom kernel.

3. Ensure that your machine is acting as a gateway. This can be done by specifying the line

       gateway_enable=YES

   in /etc/rc.conf, or using the command

       sysctl -w net.inet.ip.forwarding=1

4. If you wish to use the -n or -interface flags, make sure that your interface is already configured. If, for example, you wish to specify tun0 as your interface, and you're using ppp(8) on that interface, you must make sure that you start ppp prior to starting natd.

5. Create an entry in /etc/services:

       natd 8668/divert # Network Address Translation socket

   This gives a default for the -p or -port flag.

Running natd is fairly straightforward. The line

       natd -interface ed0

should suffice in most cases (substituting the correct interface name). Once natd is running, you must ensure that traffic is diverted to natd:

6. Enable your firewall by setting

       firewall_enable=YES

   in /etc/rc.conf. This tells the system startup scripts to run the /etc/rc.firewall script. If you don't wish to reboot now, just run this by hand from the console. NEVER run this from a virtual session unless you put it into the background. If you do, you'll lock yourself out after the flush takes place, and execution of /etc/rc.firewall will stop at this point - blocking all accesses permanently. Running the script in the background should be enough to prevent this.

This is what I've put in my kernel:

       options IPFIREWALL
       options IPDIVERT
       options IPFIREWALL_VERBOSE
       options IPFILTER
       options IPFILTER_LOG
       options "IPFIREWALL_VERBOSE_LIMIT=100"
       options IPFIREWALL_DEFAULT_TO_ACCEPT
       options MROUTING

And in my rc.local:

       gateway_enable="YES"
       firewall_enable="YES"
       firewall_type="UNKNOWN"
       firewall_quiet="NO"
       natd_enable="YES"
       natd_interface="ed0"
       natd_flags="-m -s"

Windows machine

- Set the gateway to the private-space IP address of the FreeBSD machine.
- Fill in DNS servers, preferably the DNS servers of your ISP.
- Set your browser/mail client to use the LAN instead of Dial-Up.

And that's all I had to do to make it work.
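
The prerequisites in steps 2, 3, 5 and 6 can be checked before natd is started. The script below is an added example, not part of the original page or of FreeBSD; the function names, the file name KERNEL and the sample files are constructed for illustration. It also flags IPFIREWALL_DEFAULT_TO_ACCEPT, which makes the firewall's default rule "allow", so any packet that no rule matches is passed.

```sh
#!/bin/sh
# Pre-flight check for the natd prerequisites listed above (added example).

# has_option FILE NAME: true if the kernel config contains "options NAME"
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+\"?$2(=[^[:space:]\"]*)?\"?[[:space:]]*(#.*)?\$" "$1"
}

# has_rc_yes FILE VAR: true if VAR is set to YES (quoted or not, any case)
has_rc_yes() {
    grep -Eq "^[[:space:]]*$2=\"?[Yy][Ee][Ss]\"?[[:space:]]*(#.*)?\$" "$1"
}

# natd_preflight RC_CONF SERVICES KERNEL_CONF
# Prints one line per finding; exit status is the number of MISSING items.
natd_preflight() {
    rcfile=$1 services=$2 kernel=$3 missing=0
    for opt in IPFIREWALL IPDIVERT; do                  # step 2
        has_option "$kernel" "$opt" ||
            { echo "MISSING kernel option $opt"; missing=$((missing + 1)); }
    done
    for var in gateway_enable firewall_enable; do       # steps 3 and 6
        has_rc_yes "$rcfile" "$var" ||
            { echo "MISSING $var=YES"; missing=$((missing + 1)); }
    done
    grep -Eq '^natd[[:space:]]+8668/divert' "$services" ||   # step 5
        { echo "MISSING natd 8668/divert in services"; missing=$((missing + 1)); }
    # Not a missing prerequisite, but worth knowing on an Internet-facing gateway.
    has_option "$kernel" IPFIREWALL_DEFAULT_TO_ACCEPT &&
        echo "WARN IPFIREWALL_DEFAULT_TO_ACCEPT: unmatched packets are passed"
    return "$missing"
}

# make_sample DIR: write constructed sample files mirroring the settings above
make_sample() {
    printf 'options IPFIREWALL\noptions IPDIVERT\noptions IPFIREWALL_DEFAULT_TO_ACCEPT\n' > "$1/KERNEL"
    printf 'gateway_enable="YES"\nfirewall_enable="YES"\n' > "$1/rc.conf"
    printf 'natd\t\t8668/divert\t# Network Address Translation socket\n' > "$1/services"
}

demo=$(mktemp -d)
make_sample "$demo"
natd_preflight "$demo/rc.conf" "$demo/services" "$demo/KERNEL"
rm -rf "$demo"
```

On a real system, pass /etc/rc.conf, /etc/services and the path of your own kernel configuration file.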
