Hello!
I'm trying to set up my FreeBSD 9 box as a natd router. When I connect my machine to the cable modem via rl0, my machine has internet access, but my Windows machines behind it do not. I have two Windows machines behind said machine: 192.168.1.50 and 192.168.1.3.
Any help would be greatly appreciated.
Code:
# Network Name of Machine
hostname="Bender"
# Test Config
ifconfig_rl0=" inet 68.15.62.102 netmask 255.255.255.224"
ifconfig_dc0=" inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"
defaultrouter="68.15.62.97"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/ipfw.rules"
Code:
[root@Bender]/etc-> more natd.conf
port 8668
interface rl0
# Apache22 HTTPd
redirect_port tcp 192.168.1.10:80 80
# ProFTPd
redirect_port tcp 192.168.1.10:20-21 20-21
# POP3
redirect_port tcp 192.168.1.10:110 110
# SMTPd
redirect_port tcp 192.168.1.10:25 25
Code:
[root@Bender]/etc-> more ipfw.rules
ipfw -q -f flush # delete all rules
#set defaults
oif="rl0" # Outbound Interface
iif="dc0" # Inbound Interface
cmd="ipfw -q add " # Build rule prefix
## Start Rules #####################################
$cmd 00050 divert 8868 from any to any via $oif
$cmd 00100 allow ip from any to any via lo0
$cmd 00250 allow ip from any to 192.168.1.10 20-21
$cmd 00300 allow ip from any to 192.168.1.10 22
$cmd 00350 allow ip from any to 192.168.1.10 25
$cmd 00400 allow ip from any to 192.168.1.10 53
$cmd 00450 allow ip from any to 192.168.1.10 80
$cmd 00500 allow ip from any to 192.168.1.10 110
$cmd 35000 allow all from 192.168.1.0 out via $oif
## Last Rule: Deny EVERYTHING that ipfw didn't get already ##
$cmd 65535 deny ip from any to any
[root@Bender]/etc->
I can ping within the 192.168.1.0 network. All the interfaces respond.
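
An added example, not part of the original post: a small Python check that cross-references the divert port used in ipfw.rules against the port natd listens on in natd.conf, and flags rule addresses written without a mask. The sample strings are constructed from the files shown above; the function names and the `.0` heuristic are assumptions of this example.

```python
import re

# Constructed sample input: the relevant lines from the post's natd.conf and ipfw.rules.
NATD_CONF = """port 8668
interface rl0
redirect_port tcp 192.168.1.10:80 80
"""
IPFW_RULES = """cmd="ipfw -q add " # Build rule prefix
$cmd 00050 divert 8868 from any to any via $oif
$cmd 00100 allow ip from any to any via lo0
$cmd 00450 allow ip from any to 192.168.1.10 80
$cmd 35000 allow all from 192.168.1.0 out via $oif
$cmd 65535 deny ip from any to any
"""
NATD_DEFAULT_PORT = 8668  # the "natd" divert entry in /etc/services

# An address ending in .0 with no /len or :mask after it (hypothetical heuristic).
BARE_NET = re.compile(r"\b(?:from|to)\s+(\d+\.\d+\.\d+\.0)(?![\d./:])")

def natd_port(conf_text):
    """Return the port from natd.conf's 'port' directive, else the default."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "port" and fields[1].isdigit():
            return int(fields[1])
    return NATD_DEFAULT_PORT

def check(natd_conf, ipfw_rules):
    """Return (rule_number, finding, detail) tuples for the two files."""
    findings, want = [], natd_port(natd_conf)
    for line in ipfw_rules.splitlines():
        body = line.split("#", 1)[0]          # drop shell comments
        num = re.search(r"\s(\d+)\s", body)   # first numeric token is the rule number
        rule = int(num.group(1)) if num else None
        div = re.search(r"\bdivert\s+(\d+)\b", body)
        if div and int(div.group(1)) != want:
            findings.append((rule, "divert-port-mismatch",
                             f"rule diverts to {div.group(1)}, natd listens on {want}"))
        net = BARE_NET.search(body)
        if net:
            findings.append((rule, "host-not-network",
                             f"{net.group(1)} has no mask, so it matches one address"))
    return findings

if __name__ == "__main__":
    for finding in check(NATD_CONF, IPFW_RULES):
        print(finding)
```
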