
Configuring NATd
By Perlsta
These instructions will help you configure NATd on FreeBSD 2.2.2-RELEASE to 3.0-SNAP with the firewall implemented.
NATd will NOT work unless you have a properly configured firewall, so go to that page first (this link). Note that it is almost suicidal to do this remotely, as one mistake can leave you unable to reach the PC.

1. Read my section on firewalls and install one.

My Config File :
# uses sockets to create tunnels and implement gateway functions
# what port to listen to
port 6668
# your outside interface
interface ed0
# by tunnel I mean it "forwards" connections on certain ports to an internal machine
# tunnel rlogin to internal machine
permanent_link tcp 0:0 login
# tunnel xdm to internal machine (doesn't work yet)
# I think if I also re-routed on port 6000 it might
permanent_link tcp 0:0 xdmcp
permanent_link tcp 0:0 xdmcp
# tunnel telnet to internal machine
permanent_link udp 0:0 telnet
permanent_link tcp 0:0 telnet
# tunnel http/web to internal machine
permanent_link tcp 0:0 http
permanent_link udp 0:0 http
# tunnel mail to internal machine
# warning: this is tricky because you have to have sendmail:
# 1) accept mail for the name of the NATd machine
# 2) spoof its return address to that of the NATd machine
permanent_link tcp 0:0 smtp
permanent_link udp 0:0 smtp
# tunnel ftp to internal machine
permanent_link tcp 0:0 ftp
permanent_link udp 0:0 ftp
permanent_link tcp 0:0 ftp-data
permanent_link udp 0:0 ftp-data

2. Become root on the machine.
3. Formulate a config file (mine is shown above under "My Config File").
4. Figure out the appropriate command line arguments; mine are as follows. (NATd is no longer a port, and is now distributed with FreeBSD.)
     /usr/local/sbin/natd -m -f /usr/local/sbin/natd.conf
    -m - tries to keep ports consistent, and helps things like RPC work.
    -f - specifies the config file to use.

5. Put the command line into rc.local.
6. Change the line in /etc/rc.conf that reads
gateway_enable="NO" to gateway_enable="YES".
7. Configure your internal machines to use the NATd machine as a gateway.
8. Reboot.
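
Every permanent_link line in the config file exposes an internal service on the outside interface, so the file is worth checking before the reboot. The Python script below is an added example, not part of the original article or of NATd: it lints permanent_link lines for repeated entries, links whose protocol does not match the service's transport, and forwarded cleartext services. It assumes the four-field layout used in the config file above (protocol second, service name last); the service tables and SAMPLE are constructed for the example.

```python
# Added example: lint permanent_link lines in a natd.conf laid out like the one above.
# Assumption: field 2 is the protocol and the last field is the service name.

# Services that carry logins or sessions in cleartext.
CLEARTEXT = {"login", "telnet", "ftp", "ftp-data", "xdmcp"}
# Transport each service's daemon actually listens on.
TRANSPORT = {"login": "tcp", "telnet": "tcp", "http": "tcp", "smtp": "tcp",
             "ftp": "tcp", "ftp-data": "tcp", "xdmcp": "udp"}

# Constructed sample following the layout of the config file on this page.
SAMPLE = """\
port 6668
interface ed0
permanent_link tcp 0:0 login
permanent_link tcp 0:0 xdmcp
permanent_link tcp 0:0 xdmcp
permanent_link udp 0:0 telnet
permanent_link tcp 0:0 telnet
permanent_link tcp 0:0 http
permanent_link udp 0:0 http
"""


def lint(conf_text):
    """Return (line_number, kind, detail) findings, at most one per line."""
    findings, seen = [], set()
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields or fields[0] != "permanent_link":
            continue
        if len(fields) < 4:
            findings.append((lineno, "malformed", raw.strip()))
            continue
        proto, service = fields[1].lower(), fields[-1].lower()
        key = tuple(f.lower() for f in fields[1:])  # protocol, addresses, service
        expected = TRANSPORT.get(service)
        if key in seen:
            findings.append((lineno, "duplicate", f"{proto} {service} repeated"))
        elif expected and proto != expected:
            findings.append((lineno, "wrong-transport",
                             f"{service} uses {expected}, link is {proto}"))
        elif service in CLEARTEXT:
            findings.append((lineno, "cleartext",
                             f"{service} exposed on the outside interface"))
        seen.add(key)
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in lint(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

A "wrong-transport" finding means the link forwards nothing the service uses; a "cleartext" finding marks a forwarded service that should be limited to trusted source addresses in the firewall rules or replaced with an encrypted equivalent.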

© 1997 - 20013 Defcon1, , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of and the content's original author.
