Configuring NATd

By Perlsta

These instructions will help you configure NATd on FreeBSD 2.2.2-RELEASE to 3.0-SNAP with the firewall implemented. NATd will NOT work unless you have a properly configured firewall, so go to that page first. Note that it is almost suicidal to do this remotely, as one mistake can leave you unable to reach the PC.
1. Read my section on firewalls and install one.
My Config File:

# uses sockets to create tunnels and implement gateway functions
use_sockets
# what port to listen to
port 6668
# your outside interface
interface ed0
# by tunnel I mean it "forwards" connections on certain ports to an internal machine
# tunnel rlogin to internal machine
permanent_link tcp 192.168.0.20:login 0:0 login
# tunnel xdm to internal machine (doesn't work yet)
# i think if i also re-routed on port 6000 it might
permanent_link tcp 192.168.0.20:xdmcp 0:0 xdmcp
# tunnel telnet to internal machine
permanent_link udp 192.168.0.20:telnet 0:0 telnet
permanent_link tcp 192.168.0.20:telnet 0:0 telnet
# tunnel http/web to internal machine
permanent_link tcp 192.168.0.20:http 0:0 http
permanent_link udp 192.168.0.20:http 0:0 http
# tunnel mail to internal machine
# warning: this is tricky because you have to have sendmail:
# 1) accept mail for the name of the NATd machine
# 2) spoof its return address to that of the NATd machine
permanent_link tcp 192.168.0.20:smtp 0:0 smtp
permanent_link udp 192.168.0.20:smtp 0:0 smtp
# tunnel ftp to internal machine
permanent_link tcp 192.168.0.20:ftp 0:0 ftp
permanent_link udp 192.168.0.20:ftp 0:0 ftp
permanent_link tcp 192.168.0.20:ftp-data 0:0 ftp-data
permanent_link udp 192.168.0.20:ftp-data 0:0 ftp-data
2. Become root on the machine.

3. Formulate a config file (mine is shown above).

4. Figure out the appropriate command line arguments. Mine are as follows (NATd is no longer a port, and is now distributed with FreeBSD):

/usr/local/sbin/natd -m -f /usr/local/sbin/natd.conf

-m - tries to keep ports consistent, and helps things like RPC work.
-f - specifies the config file to use.
5. Put the command line into rc.local.

6. Set the line in /etc/rc.conf that states gateway_enable="NO" to gateway_enable="YES".

7. Configure your internal machines to use the NATd machine as a gateway.

8. Reboot.
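Every permanent_link in the config above opens a hole in the firewall on the outside interface, so it is worth listing exactly what the file forwards before starting natd. The following is an added example, not the author's code: it parses permanent_link lines in the old natd syntax (proto localIP:localPort remoteIP:remotePort aliasPort, where 0:0 means any remote host and port) and reports the exposed services, duplicated rules, and UDP forwards for services that only speak TCP. The sample config is constructed and only loosely mirrors the one on this page.

```python
"""Audit a natd(8) config that uses permanent_link rules.

Added example, not from the original page. Assumes the old natd syntax
'permanent_link proto localIP:localPort remoteIP:remotePort aliasPort',
where 0:0 means 'any remote host/port'. SAMPLE_CONF below is constructed.
"""
from collections import Counter

# Services that only speak TCP; a 'udp' forward for them carries no traffic
# but still widens what natd accepts on the outside interface.
TCP_ONLY = {"login", "telnet", "http", "smtp", "ftp", "ftp-data"}

SAMPLE_CONF = """\
# constructed sample: a duplicated rule is included to exercise the check
use_sockets
port 6668
interface ed0
permanent_link tcp 192.168.0.20:login 0:0 login
permanent_link tcp 192.168.0.20:xdmcp 0:0 xdmcp
permanent_link tcp 192.168.0.20:xdmcp 0:0 xdmcp
permanent_link udp 192.168.0.20:telnet 0:0 telnet
permanent_link tcp 192.168.0.20:telnet 0:0 telnet
"""

def parse_links(conf):
    """Return (proto, internal_host, internal_port, remote, alias_port) tuples."""
    links = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line.startswith("permanent_link"):
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"malformed permanent_link: {raw!r}")
        _, proto, local, remote, alias_port = fields
        host, port = local.rsplit(":", 1)
        links.append((proto, host, port, remote, alias_port))
    return links

def audit(conf):
    """Summarise what the outside interface forwards to internal hosts."""
    links = parse_links(conf)
    counts = Counter(links)
    return {
        "exposed": sorted({(p, a) for p, _, _, _, a in links}),
        "duplicates": sorted(l for l, n in counts.items() if n > 1),
        "udp_for_tcp_service": sorted(l for l in links if l[0] == "udp" and l[4] in TCP_ONLY),
        "open_to_any_remote": all(l[3] == "0:0" for l in links),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

Run it against the real natd.conf by reading the file into a string and passing it to audit(); any rule reported under udp_for_tcp_service can be removed without losing functionality.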