These are instructions for configuring a FreeBSD box for NAT
after you have installed IpFilter.

You will need to change three files:

    /etc/rc.local
    /etc/rc.conf
    /etc/natrules

You will have to:

    1) Load the kernel module
    2) Make the ipnat rules
    3) Load the ipnat rules
    4) Enable routing between interfaces
    5) Add static routes for the subnet ranges
    6) Configure your network interfaces
    7) Reboot the computer for the changes to take effect.

The FAQ was written by Chris Coleman <chris@@bbcc.ctc.edu>
This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE
_________________________________________________________
1) Loading the Kernel Module

If you are using a Kernel Loadable Module, you need to edit your
/etc/rc.local file and load the module at boot time.
Use the line:

    modload /lkm/if_ipl.o

If you are not loading a kernel module, skip this step.
_________________________________________________________
2) Setting up the NAT Rules

Make a file called /etc/natrules and
put in the rules that you need for your system.

If you want to use the whole 10 network, try:

    map fxp0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000

_________________________________________________________
Here is an explanation of each part of the command:

map starts the command.

fxp0 is the interface with the real internet address.

10.0.0.0 is the subnet you want to use.

/8 is the subnet mask, i.e. 255.0.0.0

208.8.0.1 is the real IP address that you use.

/32 is the subnet mask 255.255.255.255, i.e. only use this IP address.

portmap tcp/udp 10000:65000
tells it which ports to use when redirecting the tcp/udp calls.


The one line should work for the whole network.
_________________________________________________________
3) Loading the NAT Rules:

The NAT Rules will need to be loaded every time the computer
reboots.

In your /etc/rc.local put the line:

    ipnat -f /etc/natrules

To check and see if it is loaded, as root type

    ipnat -ls
_________________________________________________________
4) Enable Routing between interfaces.

Tell the kernel to route these addresses.

In the rc.local file put the line:

    sysctl -w net.inet.ip.forwarding=1

_________________________________________________________
5) Static Routes to Subnet Ranges

Now you have to add static routes for the subnet ranges.
Edit your /etc/sysconfig to add them at bootup.

    static_routes="foo"
    route_foo="10.0.0.0 -netmask 0xff000000 -interface 10.0.0.1"

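As an added example (not part of the original FAQ), the shell functions below check a map/portmap rule of the shape explained in step 2 and print the hex netmask that the step 5 route entry needs for the same inside network, plus the size of the shared port pool. The function names and the refusal of ports below 1024 are this example's own assumptions; the sample rule uses the interface name fxp0 from step 6.

```shell
#!/bin/sh
# Added example, not from the FAQ: sanity-check an ipnat "map" rule.

# Prefix length (0-32) -> hex netmask in the form route/ifconfig accept.
prefix_to_hexmask() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    printf '0x%08x\n' $(( 4294967296 - (1 << (32 - $1)) ))
}

# "LOW:HIGH" -> number of ports in the range. Refusing ports below 1024
# is this example's own policy choice, not an ipnat requirement.
port_pool_size() {
    case $1 in [0-9]*:[0-9]*) ;; *) return 1 ;; esac
    case $1 in *[!0-9:]*|*:*:*|0*|*:0*) return 1 ;; esac
    low=${1%%:*}
    high=${1##*:}
    [ "$low" -ge 1024 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ] ||
        return 1
    echo $(( $high - $low + 1 ))
}

# Check one rule of the shape used in step 2:
#   map IFACE INSIDE/LEN -> OUTSIDE/LEN portmap PROTO LOW:HIGH
# Prints the interface, the netmask for the matching route, and the size
# of the shared port pool; prints an error and returns 1 otherwise.
check_map_rule() {
    set -f; set -- $1; set +f    # split into words without globbing
    [ $# -eq 8 ] && [ "$1" = map ] && [ "$4" = '->' ] && [ "$6" = portmap ] ||
        { echo "error: not a map/portmap rule"; return 1; }
    case $7 in
        tcp|udp|tcp/udp) ;;
        *) echo "error: bad protocol $7"; return 1 ;;
    esac
    mask=$(prefix_to_hexmask "${3##*/}") ||
        { echo "error: bad inside prefix in $3"; return 1; }
    prefix_to_hexmask "${5##*/}" >/dev/null ||
        { echo "error: bad outside prefix in $5"; return 1; }
    ports=$(port_pool_size "$8") ||
        { echo "error: bad port range $8"; return 1; }
    echo "iface=$2 route_netmask=$mask ports=$ports"
}

# Constructed sample: the rule from step 2 with the interface from step 6.
check_map_rule 'map fxp0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000'
```

For the sample rule this prints iface=fxp0 route_netmask=0xff000000 ports=55001, so every host in 10.0.0.0/8 shares 55001 ports per protocol on the one real address.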
_________________________________________________________
6) Make sure that you have your interfaces configured.

I have two Intel Ether Express Pro B cards.
One is on 208.8.0.1. The other is on 10.0.0.1.

You need to configure these in the /etc/sysconfig

    network_interfaces="fxp0 fxp1"
    ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0"
    ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0"
_________________________________________________________