Multi-Interfaced NAT enabled router help needed

by Christopher Barr » Fri, 04 May 2001 07:32:03

All,
I am in the process of building a 6-interface LAN router in Linux.
eth0 will be the external, internet interface, while eth1-5 will serve
internal subnets. NAT will need to occur from eth0 to all of the other
interfaces, and I want to run dhcpd on the box to serve interfaces 2, 3, &
4. eth1 will point to my servers, and 5 will point to another router to
several test LANs, which will be all hardcoded. Has anyone had experience
with configuring multi-interfaces with both NAT and DHCP? And could you give
me some tidbits of info / pitfalls to watch out for / good documentation
resource URLs you've found helpful? I would really appreciate it.

Thanks,
--
Christopher Barry
SysAdmin
InfiniCon Systems

Top

1. NAT with 2 public interfaces and 1 privat nat interface

Hi everybody

I'm quite sure this is easy for you, cause I'm a newbie and as such one I'm
asking basic simple and stupid questions. I'm very sorry for that but at the
moment I'm stucked ...

I try to configure a FreeBSD 4.6.2 router / firewall with this layout:

Def Gateway 195.1.1.1
fxp0 -> public interface A (for ex. 195.1.1.22 / 255.255.255.0)
fxp1 -> public interface B (for ex. 195.1.2.193 / 255.255.255.248)
fxp2 -> privat interface C (NAT: for ex 192.168.1.1 / 255.255.255.0)

I just can't manage to make this NAT with natd working ... The first
configuration was exactly like explained in the online handbook. After this
hasn't worked I tryed a few ideas. Without success ... I hope somebody in
this news list can give me a hint / instructions how I can convince the
system to do NAT.

Thank you very much and best regards
Stefan

Kernel Config inclueds
----------------------
# Firewall Konfiguration / natd
options IPFIREWALL #firewall aktiviert
options IPFIREWALL_VERBOSE #print info of dropped packets
options IPFIREWALL_VERBOSE_LIMIT=200 #Limits No packets logged
options IPDIVERT #divert sockets / needed by natd

latest Version rc.conf (tested many many versions ...)
-----------------------------------------------------
hostname="fwall.syso.ch"

# Interface Settings
ifconfig_fxp0="inet 195.1.1.22 netmask 255.255.255.0"
ifconfig_fxp1="inet 195.1.2.193 netmask 255.255.255.248"
ifconfig_fxp2="inet 192.168.1.1 netmask 255.255.255.0"

# Routing Settings
defaultrouter="195.1.1.1"
gateway_enable="YES"

# Netzwerk Dienste
inetd_enable="NO"
nfs_server_enable="NO"
sendmail_enable="NO"
sshd_enable="YES"

# Firewall Settings
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_interface="fxp2"
natd_flags="-v -a 195.1.1.22"

# Security
kern_securelevel="2"
kern_securelevel_enable="YES"

#Regional Settings
keymap="swissgerman.iso"

Firewall rules
--------------
#!/bin/sh

# Define the Firewall command
fwcmd="/sbin/ipfw"

#### Force a flushing of the current rules before we load our own rules
$fwcmd -f flush

#### NAT auf FXP2 definieren
$fwcmd add 50 divert natd all from any to any via fxp2

#### only for testing: temp open everything
$fwcmd add allow all from any to any

--
********************
SYSO GmbH
Zrcherstrasse 204
9014 St. Gallen

T +41 (0)71 274 93 83
F +41 (0)71 274 93 84

Stefan Mallepell

********************

2. Out of memory uncompressing 2.2.13 bzImage

3. multi-interfaced NFS server, what interface clients are using?