
NATD

This page is dedicated to those people who have tried to figure out NATD and have been confused by its command lines.

The examples I will be using are for a dedicated FreeBSD machine set up as the router on an internal network using 10.0.0.x numbers, passing the incoming data from the FreeBSD machine on to a Windows 95 machine.
  I used NATD to send packets through the FreeBSD box to an FTP daemon on my Windows 95 machine.  The port on the 95 machine was set to port 21, and the IP assigned to the Win 95 machine that we will be using as an example will be 10.0.0.4, netmask 255.255.255.0.
The static IP that we will be using for the FreeBSD machine is 199.0.0.1,
for all intents and purposes.


Step 1
In the file called services, in the directory /etc, add the following line:
     natd     6668/divert  # Network Address Translation socket

Step 2
The next file that we will be vi'ing is rc.firewall; it is also in the /etc directory.  Add the following items to the file:
    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via ed0
    /sbin/ipfw add pass all from any to any
     (* Where ed0 appears, put whatever device your network card is.)

Step 3
You will also need to modify the file rc.conf; it too is in the /etc directory.
There is already a line that says
    firewall_enable=NO
Change it to say the following instead:
    firewall_enable=YES

Step 4
You need to build a custom kernel. In the kernel configuration file the following lines will be commented out; remove the # in front of each line to make these options take effect.
    options IPFIREWALL
    options IPDIVERT
  Once you have done this, you need to recompile your kernel. If you don't know how to do this, see the Unix help page on how to compile the kernel.

Step 5
Vi rc.conf (it is in the /etc directory) and make the following change:
    sysctl -w net.inet.ip.forwarding=1

Step 6
  Once you have all the above items done, you may go forward.  If you have not done all of the above, NATD won't work. You can type the following lines to turn NATD on:
  natd -l -s -n tun0 -redirect_port tcp 10.0.0.4:2121 2121
  ipfw add 1000 divert 6668 ip from any to any via tun0
  ipfw add 1002 divert 6668 ip from 10.0.0.4/24 to any via tun0
 
  If you wish to have NATD load during boot-up, then add all the items in step 6 to your rc.local file, located in the /etc directory.
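
Step 6 only works if Steps 1 to 5 are all in place, so the following shell script (an added example, not part of the original article) checks each earlier step against the files it touches. The function names, the four file arguments and the sample files are made up for illustration, and it assumes the rules in rc.firewall carry no explicit rule numbers, so file order is match order.

```shell
# Added example (not from the original page): pre-flight check for Steps 1-5.
# Assumption: rc.firewall rules have no explicit numbers, so file order is
# evaluation order and a pass-all rule placed first would bypass the divert.
has_divert_service() {    # Step 1: $1 = services file
    grep -Eq '^[[:space:]]*natd[[:space:]]+6668/divert([[:space:]]|$)' "$1"
}
divert_before_pass() {    # Step 2: $1 = rc.firewall
    d=$(grep -nE '^[^#]*ipfw add.*[[:space:]]divert[[:space:]]' "$1" | head -n 1 | cut -d: -f1)
    p=$(grep -nE '^[^#]*ipfw add.*[[:space:]](pass|allow) all from any to any' "$1" | head -n 1 | cut -d: -f1)
    [ -n "$d" ] && { [ -z "$p" ] || [ "$d" -lt "$p" ]; }
}
firewall_enabled() {      # Step 3: $1 = rc.conf; the last assignment wins
    val=$(sed -n 's/^[[:space:]]*firewall_enable=//p' "$1" | tail -n 1 |
          sed 's/#.*//' | tr -d "\"' \t")
    case "$val" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}
kernel_has_option() {     # Step 4: $1 = kernel config, $2 = option name
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)" "$1"
}
forwarding_configured() { # Step 5: $1 = rc.conf
    grep -Eq '^[[:space:]]*sysctl[[:space:]]+-w[[:space:]]+net\.inet\.ip\.forwarding=1' "$1"
}

# Print every failed step; the return value is the number of failures.
preflight() {             # $1 services, $2 rc.firewall, $3 rc.conf, $4 kernel config
    fail=0
    has_divert_service "$1" || { echo "Step 1: no 'natd 6668/divert' in $1"; fail=$((fail + 1)); }
    divert_before_pass "$2" || { echo "Step 2: divert rule missing or after pass-all in $2"; fail=$((fail + 1)); }
    firewall_enabled "$3" || { echo "Step 3: firewall_enable is not YES in $3"; fail=$((fail + 1)); }
    for opt in IPFIREWALL IPDIVERT; do
        kernel_has_option "$4" "$opt" || { echo "Step 4: 'options $opt' not active in $4"; fail=$((fail + 1)); }
    done
    forwarding_configured "$3" || { echo "Step 5: ip forwarding not set in $3"; fail=$((fail + 1)); }
    return "$fail"
}

# Constructed sample files for directory $1; IPDIVERT is left commented out.
write_sample() {
    printf 'natd\t6668/divert\t# Network Address Translation socket\n' > "$1/services"
    printf '%s\n' '/sbin/ipfw -f flush' '/sbin/ipfw add divert natd all from any to any via ed0' \
        '/sbin/ipfw add pass all from any to any' > "$1/rc.firewall"
    printf '%s\n' 'firewall_enable=NO' 'firewall_enable=YES' \
        'sysctl -w net.inet.ip.forwarding=1' > "$1/rc.conf"
    printf '%s\n' 'options IPFIREWALL' '#options IPDIVERT' > "$1/KERNEL"
}

# Usage: sh preflight.sh /etc/services /etc/rc.firewall /etc/rc.conf <kernel config>
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

Run against the constructed sample, preflight reports one failure: the IPDIVERT option from Step 4 is still commented out.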


GhostRdr

© 1997 - 20013 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.
