Firewall Wizards mailing list archives

Re: Firewall with FreeBSD 3.3


From: Shafik Yaghmour <shafik () acm poly edu>
Date: Sun, 12 Dec 1999 01:46:31 -0500 (EST)

        Well this is actually very easy to implement although the natd and
ipfw documentation does not make it completely clear. The first thing you
need to do is set up your first rule to be a divert e.g.:

        divert 8668 ip from any to any via vx0

8668 is the port natd is running on

        next you need to set up the config file, something like
/etc/natrules. Inside this file you want to have the translations you want
to take place defined using "redirect_address" e.g.:

        redirect_address 10.0.0.1 205.1.2.1
        redirect_address 10.0.0.2 205.1.2.2

        Now you run natd e.g.:

        natd -n vx0 -f /etc/natrules
        
        I am pretty sure that will have you good to go.

Have fun
Take care

On Thu, 9 Dec 1999, Adidas Boy wrote:


Dear Firewall Wizards,

I have been using FreeBSD for about 2 years now. I have learned quite a bit 
over the time as far as simple things to do to make it harder for someone to 
break into my machine such as installing tcpd to only allow certain hosts, 
then disabling certain services that are not needed.

I recently decided I wanted to create a machine that had the above features 
but also did more firewall type of stuff. I have been trying to do some 
research and learned a little about natd and ipfw which does some type of 
ruleset things. I'm trying to accomplish the following and wanted some help 
from any one of you that could help me. What I want to achieve is all 
external real IPs on the internet be mapped to a certain fake IP and so all 
requests would have to go through the firewall, so for instance:

computer 1:
  internal ip: 10.0.0.1

computer 2:
  internal ip: 10.0.0.2

then have the firewall have something like this:

205.1.2.1 -> 10.0.0.1
205.1.2.2 -> 10.0.0.2

so in essence the firewall would listen to 205.1.2.1, 205.1.2.2, etc.
and then route to the appropriate machine so the person on the outside could 
never really talk directly to the machine. Can this be done with natd, and 
what would I need to do to the configuration to make this work?

Any help would be appreciated!

Brian

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com


==========================================================================
--"the more you know and understand the more you must know and understand
   .. knowledge is an unsatiable hunger .. which makes life easier and at
   the same time harder .... knowledge is a paradox w/ no resolution just
   a boundless function of human nature .... knowledge is a trap which we
   embrace and which we run away from .... and in the end the only escape
   is death .... or maybe not "<grin>--
==========================================================================
                     -Unite for Java! - http://www.javalobby.org-
                     -This message transmitted on 100% recycled electrons-
                     -Save the whales, Feed the hungry, Free the mallocs-


Two cats on a roof,
Which one falls off first?
The one with the smaller mew.

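The three steps in Shafik's reply above (divert rule first, a natrules file of redirect_address lines, then natd -n vx0 -f /etc/natrules) as one worked example. This is an added script, not code from the thread or from FreeBSD; the interface vx0, divert port 8668, and the two 10.0.0.x to 205.1.2.x mappings come from the thread, while the helper names, the scratch output directory, the ifconfig alias step and the per-host allow rules are assumptions of this example. The ipfw rules are emitted as text for review rather than loaded, so it runs on any POSIX shell.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds the natd and ipfw
# pieces for a static 1:1 mapping and checks the mapping file for the
# mistake that silently breaks it (one public address listed twice).

# Constructed mapping list: "internal public" pairs, one per line.
MAPPINGS="10.0.0.1 205.1.2.1
10.0.0.2 205.1.2.2"

# Write natd's config (the thread's /etc/natrules) to $1 from $MAPPINGS.
gen_natrules() {
    out="$1"
    : > "$out"
    echo "$MAPPINGS" | while read -r internal public; do
        [ -n "$internal" ] || continue
        echo "redirect_address $internal $public" >> "$out"
    done
}

# Return non-zero if the file has anything other than well-formed
# redirect_address lines, or maps one public address to two hosts
# (natd would only ever use the first line for that address).
validate_natrules() {
    awk '
        $1 != "redirect_address" || NF != 3               { bad = 1 }
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/          { bad = 1 }
        $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/          { bad = 1 }
        seen[$3]++                                        { bad = 1 }
        END { exit bad }
    ' "$1"
}

# Each public address must be answered by the firewall itself, so it is
# aliased onto the outside interface (assumed step, not from the thread).
gen_aliases() {
    iface="$1"
    echo "$MAPPINGS" | while read -r internal public; do
        [ -n "$internal" ] || continue
        echo "ifconfig $iface alias $public netmask 255.255.255.255"
    done
}

# Print the ipfw rule set. The divert must be the first rule: after natd
# rewrites a packet it re-enters the ruleset at the next rule, so inbound
# traffic is then seen with its internal destination and outbound traffic
# with its public source, and the allow rules below match on those.
gen_ipfw_rules() {
    iface="$1"; port="$2"
    echo "add 100 divert $port ip from any to any via $iface"
    echo "$MAPPINGS" | while read -r internal public; do
        [ -n "$internal" ] || continue
        echo "add 200 allow ip from any to $internal in via $iface"
        echo "add 200 allow ip from $public to any out via $iface"
    done
    # Remaining policy (other interfaces, the firewall's own traffic) goes
    # after this point; with the IPFIREWALL kernel option and no
    # IPFIREWALL_DEFAULT_TO_ACCEPT, anything unmatched is denied.
}

# Build everything into a scratch directory and print the natd command line.
demo() {
    dir="${TMPDIR:-/tmp}/natd-example"
    mkdir -p "$dir"
    gen_natrules "$dir/natrules"
    validate_natrules "$dir/natrules" || { echo "bad natrules" >&2; return 1; }
    gen_aliases vx0 > "$dir/aliases.sh"
    gen_ipfw_rules vx0 8668 > "$dir/ipfw.rules"
    echo "natd -n vx0 -f $dir/natrules"
}

case "${1:-}" in run) demo ;; esac
```

Run it as `sh natd-example.sh run` and inspect the generated files before applying anything; the ordering point is the one that matters, since a divert rule placed after an allow rule lets untranslated packets through on the public address and the translated ones never reach the filter.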

