The FreeBSD Diary |
|
(TM) | Providing practical examples since 1998If you buy from Amazon USA, please support us by using this link. |
|
Gateways - installing natd/ipfw
29 October 1998
|
| Please note: if you are running PPP, then you don't want natd. PPP has aliasing built in. Unfortunately, I've never used PPP, so I suggest you follow the Pedantic PPP Primer of the FreeBSD Handbook or perhaps just see the man pages for information on -alias. |
|
What's a gateway?
|
| A gateway allows one computer to talk to an outside network and channel requests from
other computers. If you have more than one computer, it makes sense to have one of
them act as the gateway to your ISP. It allows all of your computers to share a
single modem. It's easy and it's cheap. One of the best ways to create a gateway is by using ipfw and natd (more information on natd). ipfw is an Internet Packet Firewall (more information on firewalls). Even though you may not want a firewall, it's the best way to achieve a gateway. |
|
Installation instructions
|
These instructions are taken directly from the FreeBSD natd manual. Please refer to that document for further information. This section assumes that the network card which is attached to your ISP is ed0. You should substitute your own interface if necessary. The following steps will get you going. However, at the end of this section, I'll show you how to make these changes permanent. |
|
1. You need FreeBSD version 2.2 or higher
|
| Obtaining FreeBSD is not covered in this section. Please refer to the Installing FreeBSD section of the FreeBSD handbook. |
|
2. Build a custom kernel
|
| I highly recommend you read Configuring the FreeBSD Kernel
section of the FreeBSD handbook.
Please pay special attention to the Building and Installing
a Custom Kernel section. The rest of this section contains the highlights for
those that know how to build a kernel. Include these options in your new kernel. options IPFIREWALL options IPDIVERT If this is the first time you've created a new kernel, you may wish to reboot and install that new kernel. Make sure your kernel reboots safely with no error messages. If all you have done is the above changes, it should go very smoothly. |
|
3. Create a gateway/firewall
|
Ensure your machine acts as a gateway and a firewall by including the following lines
in /etc/rc.conf:gateway_enable=YES firewall_enable=YES |
|
4. Configure your interface
|
| Make sure your network cards are already configured. Sorry, but I don't cover that here. If you're using ppp, make sure you start ppp before running natd. |
|
5. Add natd to your services
|
Ensure the following line appears in /etc/services:natd 8668/divert # Network Address Translation socket |
|
6. Start natd
|
This can be added to /etc/rc.local (NOTE: /etc/rc.local is
deprecated; use /usr/local/etc/rc.d/ instead; see Starting
stuff at boot time and Starting stuff at boot time).
Remember to change ed0 to your external network card (i.e. the one that goes to
your ISP).natd -interface ed0 |
|
7. Redirect the traffic to natd
|
You will need at least the following commands. Remember to change ed0
to your external network card (i.e. the one that goes to your ISP)./sbin/ipfw -f flush /sbin/ipfw add divert natd all from any to any via ed0 /sbin/ipfw add pass all from any to any See FreeBSD natd manual for more information. |
|
8. Reboot
|
| In order for the changes you've made to take effect, you'll need to reboot. Things should run smoothly now. |
|
Making these changes permanent
|
| These steps will ensure that natd is configured when you need to reboot. Make sure the following is in /etc/rc.conf. Remember to change ed0 to your external network card (i.e. the one that goes to your ISP). These lines tell the system that you will be using natd, the interface which needs to be diverted, and the flags which natd needs. In this case, we'll be adding our flags to a file for ease of maintenance.. natd_enable="YES" natd_interface="ed0" natd_flags="-f /etc/natd.conf" Then make sure the following is in /etc/natd.conf. Remember to change ed0 to your external network card (i.e. the one that goes to your ISP). interface ed0 use_sockets yes same_ports yes The last two lines should ensure that DCC works correctly under IRC. If you are using DHCP, you should also add the following line: dynamic yes |
|
If it doesn't work
|
| If the above does not get things working for you, then please add your comments. Perhaps my instructions are defective. I don't think so, but please tell me of any problems you had and what you did to correct them. |