
Configuring NATd
By Perlsta
These instructions will help you configure NATd on FreeBSD 2.2.2-RELEASE to 3.0-SNAP with the firewall implemented.
NATd will NOT work unless you have a properly configured firewall, so go to that page first (this link). Note that it is almost suicidal to do this remotely, as one mistake can leave you unable to reach the PC.


1.  Read my section on firewalls and install one. Become root on the machine.

My Config File:
# uses sockets to create tunnels and implement gateway functions
use_sockets
# what port to listen to
port 6668
# your outside interface
interface ed0
# by tunnel I mean it "forwards" connections on certain ports to an internal machine
# tunnel rlogin to internal machine
permanent_link tcp 192.168.0.20:login 0:0 login
# tunnel xdm to internal machine (doesn't work yet)
# I think if I also re-routed on port 6000 it might
permanent_link tcp 192.168.0.20:xdmcp 0:0 xdmcp
permanent_link tcp 192.168.0.20:xdmcp 0:0 xdmcp
# tunnel telnet to internal machine
permanent_link udp 192.168.0.20:telnet 0:0 telnet
permanent_link tcp 192.168.0.20:telnet 0:0 telnet
# tunnel http/web to internal machine
permanent_link tcp 192.168.0.20:http 0:0 http
permanent_link udp 192.168.0.20:http 0:0 http
# tunnel mail to internal machine
# warning: this is tricky because you have to have sendmail:
# 1) accept mail for the name of the NATd machine
# 2) spoof its return address to that of the NATd machine
permanent_link tcp 192.168.0.20:smtp 0:0 smtp
permanent_link udp 192.168.0.20:smtp 0:0 smtp
# tunnel ftp to internal machine
permanent_link tcp 192.168.0.20:ftp 0:0 ftp
permanent_link udp 192.168.0.20:ftp 0:0 ftp
permanent_link tcp 192.168.0.20:ftp-data 0:0 ftp-data
permanent_link udp 192.168.0.20:ftp-data 0:0 ftp-data

2. Become root on the machine.
3. Formulate a config file (this link points to mine) .
4. Figure out the appropriate command line arguments. Mine are as follows (NATd is no longer a port, and is now distributed with FreeBSD):
     /usr/local/sbin/natd -m -f /usr/local/sbin/natd.conf
    -m - tries to keep ports consistent, and helps things like RPC work.
    -f - specifies the config file to use.

5. Put the command line into rc.local.
6. Set the line in /etc/rc.conf that states
gateway_enable="NO" to gateway_enable="YES"
7. Configure your internal machines to use the NATd machine as a gateway.
8. Reboot.
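
Before the reboot in step 8, it helps to list exactly which outside ports the config file forwards to the internal machine. The script below is an added example, not part of the original article or of natd itself; the function names and the sample config are constructed, and the field meanings (internal host:port, remote host:port with 0:0 read as "any host", outside port) are assumed from the comments in the config file above.

```sh
#!/bin/sh
# Added example: audit the permanent_link lines of a natd config file.
# Assumed field layout, taken from the comments in the config above:
#   permanent_link <proto> <internal-host>:<port> <remote>:<port> <outside-port>

# Constructed sample using the same syntax as the config file shown earlier.
sample_conf() {
cat <<'EOF'
# your outside interface
interface ed0
permanent_link tcp 192.168.0.20:login 0:0 login
permanent_link tcp 192.168.0.20:xdmcp 0:0 xdmcp
permanent_link tcp 192.168.0.20:xdmcp 0:0 xdmcp
permanent_link udp 192.168.0.20:telnet 0:0 telnet
permanent_link tcp 192.168.0.20:telnet 0:0 telnet
permanent_link tcp 192.168.0.20:http 0:0 http
EOF
}

# audit_natd_conf: read a config on stdin, print one line per finding.
#   FORWARD   - an inbound forward, with notes on how exposed it is
#   DUPLICATE - an entry that repeats an earlier one exactly
#   MALFORMED - a permanent_link line without the expected five fields
audit_natd_conf() {
    awk '
    $1 != "permanent_link" { next }      # skip comments and other options
    NF != 5 { print "MALFORMED line " NR ": " $0; next }
    {
        key = $2 " " $3 " " $4 " " $5
        if (seen[key]++) { print "DUPLICATE line " NR ": " $0; next }
        split($3, src, ":")
        note = ""
        # 0:0 as the remote side places no limit on who may connect
        if ($4 == "0:0") note = note " any-remote-host"
        # telnet, rlogin and ftp send passwords unencrypted over TCP
        if ($2 == "tcp" && $5 ~ /^(telnet|login|ftp)$/) note = note " cleartext-login"
        print "FORWARD " $2 " outside:" $5 " -> " src[1] ":" src[2] note
    }'
}

# Run against the constructed sample; for a real file use:
#   audit_natd_conf < /usr/local/sbin/natd.conf
sample_conf | audit_natd_conf
```

Every FORWARD line is a port the firewall rules must also permit on purpose, so compare the output against the firewall configuration from step 1.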

© 1997 - 20013 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.
