The FreeBSD Diary

FreeBSD Support
 How to natd on 2 public, 1 private
Author: John 
Date:   22-08-00 19:49

I have 2 public connections and 1 private network. How do I configure natd/rc.firewall so that both public connections are protected and using natd?
I currently have just the basic 1 to 1 natd running and firewall running as 'open'.

Thanks, John.

 RE: How to natd on 2 public, 1 private
Author: Noah Case 
Date:   28-08-00 21:10

You can add something like this to your /etc/rc.conf file:

ifconfig_xl0="inet 207.173.xxx.xxx netmask 255.255.255.224"
ifconfig_xl0_alias3="inet 207.173.xxx.xxx netmask 255.255.255.224"
ifconfig_xl0_alias2="inet 207.173.xxx.xxx netmask 255.255.255.224"
ifconfig_xl0_alias0="inet 207.173.xxx.xxx netmask 255.255.255.224"
ifconfig_xl0_alias1="inet 207.173.xxx.xxx netmask 255.255.255.224"
ifconfig_xl0_alias4="inet 207.173.xxx.xxx netmask 255.255.255.224"
###outside (routable addresses)

ifconfig_xl1="inet 192.168.1.102 netmask 255.255.255.0"
ifconfig_xl1_alias2="inet 192.168.1.101 netmask 255.255.255.0"
ifconfig_xl1_alias0="inet 192.168.1.103 netmask 255.255.255.0"
ifconfig_xl1_alias1="inet 192.168.1.104 netmask 255.255.255.0"

####inside (non-routable addresses)

defaultrouter="207.173.23.193"
network_interfaces="xl0 xl1 lo0"

natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /usr/local/etc/natd.conf"
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_type="Syptec.Com"
firewall_quiet="NO"
gateway_enable="YES"

Make sure the above syntax is correct for your machine.

Then make sure that your /etc/rc.firewall has the correct syntax, something like this (this is very basic):

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via xl0
/sbin/ipfw add pass all from any to any

This basically tells the system to use the xl0 interface as the NATD interface.

After this, make sure that your /usr/local/etc/natd.conf file has the correct syntax for the configurations you want to reflect:

interface xl0
pptpalias 192.168.3.2



#Customer 4
redirect_port tcp 192.168.3.2:25 207.173.xxx.xxx:25
redirect_port tcp 192.168.3.2:110 207.173.xxx.xxx:110

#Customer 2
redirect_port tcp 192.168.5.4:25 207.173.xxx.xxx:25
redirect_port tcp 192.168.5.4:110 207.173.xxx.xxx:110

#Customer 1
redirect_port tcp 192.168.15.20:110 207.173.xxx.xxx:110
redirect_port tcp 192.168.15.20:25 207.173.xxx.xxx:25
redirect_port tcp 192.168.15.20:80 207.173.xxx.xxx:80

You will notice that the xxx.xxx represents the address or addresses that you want on your system. The same port 25 can be used as long as different IPs are used.

I also included a PPTP use for port 1723 common to MS Windows environments.

Hope this helps.
Noah
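
Added example, not part of the original posts: a small Python check that cross-reads the two files described above. It reports any public address and port that natd.conf binds to more than one inside host, and any alias address used in a redirect_port line that rc.conf does not assign to the natd interface. The sample file contents, the 203.0.113.x and 192.168.1.x addresses, and the function names are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample input (documentation addresses, not taken from the thread).
RC_CONF = '''
ifconfig_xl0="inet 203.0.113.2 netmask 255.255.255.224"
ifconfig_xl0_alias0="inet 203.0.113.3 netmask 255.255.255.224"
ifconfig_xl1="inet 192.168.1.102 netmask 255.255.255.0"
natd_interface="xl0"
'''
NATD_CONF = '''
interface xl0
# Customer 1
redirect_port tcp 192.168.1.20:25 203.0.113.2:25
redirect_port tcp 192.168.1.20:110 203.0.113.2:110
# Customer 2: two inside hosts claim the same public address and port
redirect_port tcp 192.168.1.30:25 203.0.113.3:25
redirect_port tcp 192.168.1.31:25 203.0.113.3:25
# Customer 3: public address is not configured on xl0
redirect_port tcp 192.168.1.40:80 203.0.113.9:80
'''

def interface_addresses(rc_conf, ifname):
    """Addresses set by ifconfig_<if> and ifconfig_<if>_aliasN lines in rc.conf."""
    pat = re.compile(r'^ifconfig_%s(?:_alias\d+)?="inet (\S+)' % re.escape(ifname), re.M)
    return set(pat.findall(rc_conf))

def redirects(natd_conf):
    """Yield (proto, target, alias_ip, alias_port) for each redirect_port line."""
    for line in natd_conf.splitlines():
        fields = line.split('#', 1)[0].split()
        if len(fields) >= 4 and fields[0] == 'redirect_port':
            # The alias field is either "ip:port" or a bare port.
            alias_ip, _, alias_port = fields[3].rpartition(':')
            yield fields[1], fields[2], alias_ip, alias_port

def audit(rc_conf, natd_conf, ifname):
    """Return (duplicate public bindings, alias IPs missing from the interface)."""
    owned = interface_addresses(rc_conf, ifname)
    seen = defaultdict(list)
    for proto, target, ip, port in redirects(natd_conf):
        seen[(proto, ip, port)].append(target)
    dups = {k: v for k, v in seen.items() if len(v) > 1}
    missing = sorted({ip for _, ip, _ in seen if ip and ip not in owned})
    return dups, missing

if __name__ == '__main__':
    print(audit(RC_CONF, NATD_CONF, 'xl0'))
```

The keys of `seen` also serve as an inventory of every inside service published to the public side, which is the list an ipfw ruleset tighter than "pass all" would need to permit.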
