NAT howtos for FreeBSD from Vasily Kondrashov.
It seems that FreeBSD is great OS. FreeBSD box can work as server as well and it is free. I
don't think that Windows workstation straight connected to the Internet is good idea (I mean security).
Setting up FreeBSD firewall can solve many problems. In the other hand you can save some money connecting
your lan through the FreeBSD box - you really need only one public IP address and nobody can see your LAN
from outside (If there is no errors).
You can find some instructions how to set up natd - Network Address Translation daemon - software that can solve problems listed above.
telnet and natd.
You can skip this part if you're don't know what is telnet or why do you need it.
There are questions like : Does natd allows telnet the gateway from the inside? It works (for me for example). I use FreeBSD 2.2.7 with natd 1.9 without any tricks. I can telnet my gateway form the internal LAN (Windows 95 OSR2 Russian workstations) without any problem (it seems to be slow but...) using both IP addresses of the gateway (internal "unregistered" 192.168.0.1 and public - given me by ISP).
I don't think that it is really secret that FreeBSD can deny telnet it as root by default. If you don't want to change this you can add some user to the same group with root, login with this username and then su.
Let's get natd now! You can install it with your system - try to find /sbin/natd file. To be sure that you
have the latest version you can get it from ftp://ftp.suutari.iki.fi/pub/natd. You can get the latest
version but when i try to install 2.01 I've get some problems I don't want to solve. So I recommend get
natd_1.9.tar.gz with 1.9 version. Then do something as root:
Show the way to the LAN.
Then add route to your LAN by the string
route add -net 192.168.0.0/16 -interface ed1
Here we use so-called unregistered addresses for your LAN (see rfc 1918 and rfc 1631 for details).
You can use 65534 IP-addresses from 192.168.0.1 to 192.168.255.254 in your LAN now. Is it enough?
!!! If you use IP adresses from 18.104.22.168 to 22.214.171.124 remember that 126.96.36.199 is subnet address and 188.8.131.52 is broadcast address - don't use this addresses.
Configureing the kernel.
Then you need to configure your kernel to use such things. Let's think that you know how to configure the kernel. I'll try to make it clear.
You can see what kernel are you using now at the boot time (After pressing ENTER when OS prompts boot:). Then cd to the /sys/i386/conf. Find a file with the name of the kernel. Do ls and see what files are there
You need not file named as GENERIC, LINT, PCCARD, Makefile.i386, files.i386, devices.i386, majors.i386 or options.i386 .
Let the current kernel configuration file be yourkernel. Do
cp yourkernel natdkernel
and edit natdkernel with any text editor. You should add two lines:
Then do following as root:
Making your firewall useful.
Then you're need to configure your firewall to work with natd:
Making natd running at the right time.
Look at your /etc/services find a line natd 8668/divert there. It can be placed there by
default but if it isn't... So you need this line in this file.
Configure your internal interface to use 192.168.0.1 as IP address. You can do it editing /etc/rc.conf or by executing commend like:
ifconfig ed1 192.168.0.1 up netmask 255.255.0.0 broadcast 192.168.255.255
You can plase this line to the /etc/rc.conf.local to be runned everytime machine boot. Remember - I am talking not about running -stable.
Edit your /etc/rc.conf.local to add line
/usr/local/sbin/natd -p 8668 -n ed0 -redirect_address 192.168.0.1 184.108.40.206
Note that ed0 is your external interface and 220.127.116.11 your public IP address.