# Natd Router Config



## fullauto (May 14, 2012)

Hello!

I'm trying to set up my FreeBSD 9 box as a natd router. When I connect my machine to the cable modem via rl0, my machine has internet access, but my Windows machines behind it do not. I have two Windows machines behind said machine: 192.168.1.50 and 192.168.1.3.

Any help would be greatly appreciated.


```
# Network Name of Machine
hostname="Bender"

# Test Config
ifconfig_rl0=" inet 68.15.62.102 netmask 255.255.255.224"
ifconfig_dc0=" inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"
defaultrouter="68.15.62.97"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/ipfw.rules"
```


```
[root@Bender]/etc-> more natd.conf
port 8668
interface rl0

# Apache22 HTTPd
redirect_port tcp 192.168.1.10:80 80

# ProFTPd
redirect_port tcp 192.168.1.10:20-21 20-21

# POP3
redirect_port tcp 192.168.1.10:110 110

# SMTPd
redirect_port tcp 192.168.1.10:25 25
```


```
[root@Bender]/etc-> more ipfw.rules

ipfw -q -f flush                # delete all rules
#set defaults
oif="rl0"                       # Outbound Interface
iif="dc0"                       # Inbound Interface
cmd="ipfw -q add "              # Build rule prefix

## Start Rules  #####################################

$cmd 00050 divert 8868 from any to any via $oif
$cmd 00100 allow ip from any to any via lo0
$cmd 00250 allow ip from any to 192.168.1.10 20-21
$cmd 00300 allow ip from any to 192.168.1.10 22
$cmd 00350 allow ip from any to 192.168.1.10 25
$cmd 00400 allow ip from any to 192.168.1.10 53
$cmd 00450 allow ip from any to 192.168.1.10 80
$cmd 00500 allow ip from any to 192.168.1.10 110
$cmd 35000 allow all from 192.168.1.0 out via $oif

## Last Rule: Deny EVERYTHING that ipfw didn't get already ##
$cmd 65535 deny ip from any to any
[root@Bender]/etc->
```

I can ping within the 192.168.1.0 network.  All the interfaces respond.


----------
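
natd reads packets from the divert port named by `port` in natd.conf, and the ipfw `divert` rule has to hand packets to that same port; in the files posted above the two values are 8668 and 8868. The check below is an added example, not part of the original thread: the function names are hypothetical, the sample input is constructed from lines of the posted files, and only numeric divert ports are handled.

```python
import re

# Constructed sample input: lines taken from the natd.conf and ipfw.rules in the post.
NATD_CONF = """\
port 8668
interface rl0
redirect_port tcp 192.168.1.10:80 80
"""

IPFW_RULES = """\
oif="rl0"                       # Outbound Interface
$cmd 00050 divert 8868 from any to any via $oif
$cmd 00100 allow ip from any to any via lo0
$cmd 65535 deny ip from any to any
"""


def strip_comment(line):
    # Drop a trailing '#' comment and surrounding whitespace.
    return line.split("#", 1)[0].strip()


def natd_port(conf_text):
    """Return the divert port from natd.conf's 'port' directive."""
    for line in conf_text.splitlines():
        fields = strip_comment(line).split()
        if len(fields) == 2 and fields[0] == "port" and fields[1].isdigit():
            return int(fields[1])
    raise ValueError("no numeric 'port' directive found in natd.conf text")


def divert_rules(rules_text):
    """Return (rule_number, divert_port) for each numeric ipfw 'divert' rule."""
    pattern = re.compile(r"\b(\d{1,5})\s+divert\s+(\d+)\b")
    matches = (pattern.search(strip_comment(l)) for l in rules_text.splitlines())
    return [(int(m.group(1)), int(m.group(2))) for m in matches if m]


def mismatched_diverts(conf_text, rules_text):
    """List divert rules whose port differs from the one natd listens on."""
    port = natd_port(conf_text)
    return [(num, p) for num, p in divert_rules(rules_text) if p != port]


if __name__ == "__main__":
    for num, p in mismatched_diverts(NATD_CONF, IPFW_RULES):
        print(f"rule {num:05d}: divert {p}, natd.conf port {natd_port(NATD_CONF)}")
```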



## SirDice (May 14, 2012)

Did you build a custom kernel?

31.6.2 Kernel Options


----------



## fullauto (May 14, 2012)

Yes.  I have the kernel running with the redirect.


----------



## fullauto (May 14, 2012)

*Correction*

I believe the actual option was called "IP_DIVERT".
I do have it enabled.
But just for S.A.G, how would I go about confirming that?


----------



## fullauto (May 19, 2012)

Just bumping this. Really need to get this resolved. :\

Hello? Anyone?


----------



## DutchDaemon (May 19, 2012)

If you have no new information to add, don't bump this thread.


----------

