Discussion:
Alternative to NATD or IPNAT for cable connection.
JoeB
2002-10-20 13:03:24 UTC
Permalink
Help please, I looking for a software port that does NAT
(network address translation). Before getting cable I used user
PPP for dial up ISP with NAT function and then IPFW with
keep-state rules. This worked great because NAT was being done
outside of IPFW. Once I went to cable with DHCP I had to also go
to IPFW with NATD. NATD has problems with IPFW keep-state rules
where rules are mis-matched because of IPFW getting confused between
private and public ip address.

Does anybody know of an stand-a-lone NAT program?


To Unsubscribe: send mail to ***@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Christian Kratzer
2002-10-20 16:33:34 UTC
Permalink
Hi,
Post by JoeB
Help please, I looking for a software port that does NAT
(network address translation). Before getting cable I used user
PPP for dial up ISP with NAT function and then IPFW with
keep-state rules. This worked great because NAT was being done
outside of IPFW. Once I went to cable with DHCP I had to also go
to IPFW with NATD. NATD has problems with IPFW keep-state rules
where rules are mis-matched because of IPFW getting confused between
private and public ip address.
natd works fine together with ipfw. You just have to think about the
order packets are handled by ipfw and when you pass them to natd.

Greetings
Christian
--
CK Software GmbH
Christian Kratzer, Schwarzwaldstr. 31, 71131 Jettingen
Email: ***@cksoft.de
Phone: +49 7452 889-135 Open Software Solutions, Network Security
Fax: +49 7452 889-136 FreeBSD spoken here!



To Unsubscribe: send mail to ***@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Pete C
2002-10-21 13:28:52 UTC
Permalink
Post by JoeB
Help please, I looking for a software port that does NAT
(network address translation). Before getting cable I used user
PPP for dial up ISP with NAT function and then IPFW with
keep-state rules. This worked great because NAT was being done
outside of IPFW. Once I went to cable with DHCP I had to also go
to IPFW with NATD. NATD has problems with IPFW keep-state rules
where rules are mis-matched because of IPFW getting confused between
private and public ip address.
Does anybody know of an stand-a-lone NAT program?
with "unsubscribe freebsd-questions" in the body of the message
I had similar trouble when switching to cable . . .

found this How-To helpful

http://www.freebsd-howto.com/HOWTO/Ipfw-Advanced-Supplement-HOWTO

PeteC




This e-mail host does not accept spam (unsolicited e-mail).
If you have a legitimate reason for contacting me, replace
'junk' with 'pete'.








To Unsubscribe: send mail to ***@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Leigh V
2002-10-21 13:57:55 UTC
Permalink
You can use my Ipfilter+Ipnat and DHCP setup script.
Its designed for max security minimum fuss nat + stateful firewalling. And
can also be just a start up firewall template for a tighter firewall setup.
http://www.roq.com/bsd/


----- Original Message -----
From: "JoeB" <***@a1poweruser.com>
To: "FBSDQ" <***@FreeBSD.ORG>
Cc: "freebsd-***@FreeBSD. ORG" <freebsd-***@FreeBSD.ORG>
Sent: Sunday, October 20, 2002 11:03 PM
Subject: Alternative to NATD or IPNAT for cable connection.
Post by JoeB
Help please, I looking for a software port that does NAT
(network address translation). Before getting cable I used user
PPP for dial up ISP with NAT function and then IPFW with
keep-state rules. This worked great because NAT was being done
outside of IPFW. Once I went to cable with DHCP I had to also go
to IPFW with NATD. NATD has problems with IPFW keep-state rules
where rules are mis-matched because of IPFW getting confused between
private and public ip address.
Does anybody know of an stand-a-lone NAT program?
with "unsubscribe freebsd-isp" in the body of the message
To Unsubscribe: send mail to ***@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Andrew Thomson
2002-10-22 00:45:22 UTC
Permalink
I'm out of my house and into a flat now.. so I don't have access to
cable anymore.. bit of a dud.. I'm onto the next best thing being adsl.

I read one doco about what I want to do but thought I'd just throw it
out here as well..

Basically I've already got a nice little firewall running the cable
modem, with a nice tight little rule set.

I've got PPPoE running fine under BSD now with my new ADSL provider
however am curious if I can just plug in my current firewall and
s/fxp0/tun0/g in appropriate places.. namely for nat and the ipfw
rules..

I've grown quite accustomed to using ipfw and natd and would prefer to
use it over ppp -nat and it's filtering rules..

No worries?

Cheers,

ajt.



To Unsubscribe: send mail to ***@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Lowell Gilbert
2002-10-23 14:52:14 UTC
Permalink
<Lots of colloquialisms trimmed for the benefit of non-Australians>
Post by Andrew Thomson
I've got PPPoE running fine under BSD now with my new ADSL provider
however am curious if I can just plug in my current firewall and
s/fxp0/tun0/g in appropriate places.. namely for nat and the ipfw
rules..
I've grown quite accustomed to using ipfw and natd and would prefer to
use it over ppp -nat and it's filtering rules..
Yes, that should work fine. The filtering in ppp(8) is, if I recall,
implemented with the same libraries as ipfw, so the functionality is
similar. The syntax is different, but not *very* different...

To Unsubscribe: send mail to ***@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Loading...