Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
panaceya2015-10-05 20:44:19
FreeBSD
panaceya, 2015-10-05 20:44:19

How to set up FreeBSD NAT correctly?

Hello!
I haven't seen Fryakha for more than 5 years, I decided to remember and put it as a router. I have a problem with nat - ipfw does not let the machine from LAN into the world. Everything is raised in XenServer.
The router has network cards xn0 (white 1.1.1.1) and xn1 (local). The local server has only one interface - xn0 (local).
[email protected]:~ # cat /etc/rc.conf

hostname="bsd.test"
defaultrouter="1.1.1.2"
ifconfig_xn0="inet 1.1.1.1 netmask 255.255.255.224"
ifconfig_xn1="inet 10.10.10.1 netmask 255.255.255.0"

gateway_enable="YES"

sshd_enable="YES"
ntpd_enable="YES"

# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"

# DHCP
dhcpd_enable="YES"                          # dhcpd enabled?
dhcpd_flags="-q"                            # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf"      # configuration file
dhcpd_ifaces="xn1"                             # ethernet interface(s)
dhcpd_withumask="022"                       # file creation mask

# named
named_enable=YES

# Firewall
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_logging="YES"
firewall_script="/etc/firewall.sh"


# NAT
natd_enable=YES
natd_interface="xn1"

#cat "/etc/firewall.sh"
fwcmd="/sbin/ipfw"
internet="xn0"
local="xn1"
ipinet="1.1.1.1"
iplocal="10.1.1.1"
netlocal="10.1.1.0/19"

${fwcmd} -f flush
${fwcmd} add check-state
${fwcmd} add allow ip from any to any via lo0
${fwcmd} add allow udp from any to me 53 
${fwcmd} add allow tcp from any to any established
${fwcmd} add allow udp from any to any established

${fwcmd} add deny ip from any to 127.0.0.0/8
${fwcmd} add deny ip from 127.0.0.0/8 to any

${fwcmd} add allow ip from ${netlocal} to any via ${local}
${fwcmd} add allow ip from any to ${netlocal} via ${local}

${fwcmd} nat 1 config ip ${ipinet} reset same_ports deny_in redirect_port tcp ${ipinet}:3300 3300 redirect_port tcp 10.1:3300 3389

${fwcmd} add nat 1 tcp from any to any via ${internet}
${fwcmd} add nat 1 udp from any to any via ${internet}
${fwcmd} add nat 1 icmp from any to any icmptypes 0,8 via ${internet}

please poke your nose where you blunted.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexey, 2015-10-16
@Pumboss

Faced a problem on 10.1
that presence of gateway_enable="YES" does not mean at all
that sysctl net.inet.ip.forwarding=1. try to check

Similar questions
N
Nemets852018-03-20 19:06:29
How to set correct acl on sysvol in Samba? 1Reply
Z
ZeroOne_012012-06-08 23:19:36
Autostart scripts in freeBSD? 2Reply
D
Dmitry Naumenko2012-07-14 17:43:04
How to restore chown in FreeBSD? 3Reply
A
Alexander2018-04-13 17:51:46
Windows behind double NAT, how to route traffic correctly? 1Reply
A
at_lexx2015-12-15 10:56:12
How is hard drive space allocated in nas4free? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question