These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IpFilter.

You will need to change three files:

/etc/rc.local
/etc/rc.conf
/etc/natrules

You will have to:

1) Load the kernel module
2) Make the ipnat rules
3) Load the ipnat rules
4) Enable routing between interfaces
5) Add static routes for the subnet ranges
6) Configure your network interfaces
7) Reboot the computer for the changes to take effect.

The FAQ was written by Chris Coleman <chris@bbcc.ctc.edu>
This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE
_________________________________________________________
1) Loading the Kernel Module

If you are using a loadable kernel module, you need to edit your
/etc/rc.local file and load the module at boot time.
Use the line:

        modload /lkm/if_ipl.o

If you are not loading a kernel module, skip this step.
_________________________________________________________
2) Setting up the NAT Rules

Make a file called /etc/natrules and
put in the rules that you need for your system.

If you want to use the whole 10 network, try:

map fxp0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000

_________________________________________________________
Here is an explanation of each part of the command:

map starts the command.

fxp0 is the interface with the real internet address.

10.0.0.0 is the subnet you want to use.

/8 is the subnet mask, i.e. 255.0.0.0

208.8.0.1 is the real IP address that you use.

/32 is the subnet mask 255.255.255.255, i.e. only use this IP address.

portmap tcp/udp 10000:65000
        tells ipnat to remap the source ports of translated TCP and UDP
        connections into the port range 10000 to 65000.


The one line should work for the whole network.
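
An added example (not part of the original FAQ): a small sh script that
splits a map rule of the form shown above into the fields just described,
rejects an out-of-range prefix length or port range, and prints the inside
netmask in both the dotted form used by ifconfig and the hex form used by
route. The function names are made up for this example, it handles only this
rule form rather than the full ipnat grammar, and it takes the interface
name fxp0 from step 6.

```sh
#!/bin/sh
# Added example (not from the original FAQ): decode one ipnat "map" rule
# of the form shown above and sanity-check its fields.

is_uint() { case "$1" in ""|*[!0-9]*) return 1;; esac; }

# prefix_to_mask 8 -> 4278190080 (netmask as a 32-bit integer)
prefix_to_mask() {
    if [ "$1" -eq 0 ]; then echo 0; return; fi
    echo $(( (0xffffffff << (32 - $1)) & 0xffffffff ))
}

# prefix_to_hex 8 -> 0xff000000 (form used by "route ... -netmask")
prefix_to_hex() { printf '0x%08x\n' "$(prefix_to_mask "$1")"; }

# prefix_to_dotted 8 -> 255.0.0.0 (form used by "ifconfig ... netmask")
prefix_to_dotted() {
    m=$(prefix_to_mask "$1")
    echo "$(( $m >> 24 & 255 )).$(( $m >> 16 & 255 )).$(( $m >> 8 & 255 )).$(( $m & 255 ))"
}

# check_map_rule RULE: print the decoded fields; return 1 if a field is bad.
check_map_rule() {
    set -f; set -- $1; set +f          # split the rule into words, no globbing
    [ "$1" = map ] && [ "$4" = "->" ] || { echo "not a map rule"; return 1; }
    ifname=$2 inside=${3%/*} inbits=${3#*/} outside=${5%/*} outbits=${5#*/}
    is_uint "$inbits" && is_uint "$outbits" &&
        [ "$inbits" -le 32 ] && [ "$outbits" -le 32 ] ||
        { echo "bad prefix length"; return 1; }
    if [ "$6" = portmap ]; then
        lo=${8%:*} hi=${8#*:}
        is_uint "$lo" && is_uint "$hi" &&
            [ "$lo" -ge 1 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] ||
            { echo "bad port range: $8"; return 1; }
    fi
    echo "if=$ifname inside=$inside netmask=$(prefix_to_dotted "$inbits")" \
         "route_netmask=$(prefix_to_hex "$inbits")" \
         "outside=$outside/$outbits ports=${8:-none}"
}

# The rule from this page, with the interface written as fxp0 (step 6).
check_map_rule "map fxp0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000"
```
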
_________________________________________________________
3) Loading the NAT Rules:

The NAT Rules will need to be loaded every time the computer
reboots.

In your /etc/rc.local put the line:

ipnat -f /etc/natrules

To check and see if it is loaded, as root type
    ipnat -ls
_________________________________________________________
4) Enable Routing between interfaces.

Tell the kernel to route these addresses.

In the rc.local file put the line:

sysctl -w net.inet.ip.forwarding=1

_________________________________________________________
5) Static Routes to Subnet Ranges

Now you have to add static routes for the subnet ranges.
Edit your /etc/sysconfig to add them at bootup.

static_routes="foo"
route_foo="10.0.0.0 -netmask 0xff000000 -interface 10.0.0.1"


_________________________________________________________
6) Make sure that you have your interfaces configured.

I have two Intel Ether Express Pro B cards.
One is on 208.8.0.1. The other is on 10.0.0.1.

You need to configure these in the /etc/sysconfig

network_interfaces="fxp0 fxp1"
ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0"
_________________________________________________________