
The FreeBSD 'zine
Featured Articles: Firewalls
## ipfw/natd
## Dan Langille

Gateways: Installing natd/ipfw, firewall, dual-homed host

A gateway allows one computer to talk to an outside network and channel requests from other computers. If you have more than one computer, it makes sense to have one of them act as the gateway to your ISP. It allows all of your computers to share a single modem. It's easy and it's cheap.

You don't want to do this if you are running ppp. See the man pages for information on -alias.

One of the best ways to create a gateway is by using ipfw and natd. ipfw is an Internet Packet Firewall. Even though you may not want a firewall, it's the best way to achieve a gateway.

Installation instructions

These instructions are taken directly from the . Please refer to that document for further information. This section assumes that the network card which is attached to your ISP is ed0. You should substitute your own interface if necessary.

1) You need FreeBSD version 2.2 or higher

Obtaining FreeBSD is not covered in this section. Please refer to the section of the .

2) Build a custom kernel

I highly recommend you read Configuring the FreeBSD Kernel section of the . Please pay special attention to the Building and Installing a Custom Kernel section. The rest of this section contains the highlights for those that know how to build a kernel.

Include these options in your new kernel:

	options IPDIVERT

If this is the first time you've created a new kernel, you may wish to reboot and install that new kernel. Make sure your kernel reboots safely with no error messages. If all you have done is the above changes, it should go very smoothly.

3) Create a gateway/firewall

Ensure your machine acts as a gateway and a firewall by including the following lines in /etc/rc.conf:


4) Configure your interface

Make sure your network cards are already configured. Sorry, but I don't cover that here. If you're using ppp, make sure you start ppp before running natd.

5) Add natd to your services

Ensure the following line appears in /etc/services:

	natd	8668/divert	# Network Address Translation socket

6) Start natd

This can be added to /etc/rc.local:

	natd -interface ed0

7) Redirect the traffic to natd

You will need at least the following commands:

	/sbin/ipfw -f flush
	/sbin/ipfw add divert natd all from any to any via ed0
	/sbin/ipfw add pass all from any to any

See for more information.

8) Reboot

In order for the changes you've made to take effect, you'll need to reboot. Things should run smoothly now.
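Before rebooting, the commands from steps 6 and 7 can be cross-checked against each other. The script below is an added example, not part of the original article or of FreeBSD; `check_gateway` is a hypothetical helper name. It relies on ipfw evaluating rules in order and stopping at the first match: the divert rule has to come before the `pass` rule and has to name the same interface that natd was started on. It also reports when the ruleset accepts everything, since in that case the gateway translates addresses but filters nothing.

```sh
#!/bin/sh
# check_gateway NATD_CMD < RULES
# Hypothetical helper (not part of FreeBSD): cross-checks the step 6 natd
# command against the step 7 ipfw commands read from stdin.
# Assumes rules carry no explicit numbers, so file order is evaluation order.
# Prints findings; returns 0 when traffic will reach natd, 1 otherwise.
check_gateway() {
    # Interface natd translates on: the word after -interface.
    nat_if=$(printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-interface") print $(i + 1) }')
    awk -v nat_if="$nat_if" '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
        a = 0
        for (i = 1; i <= NF; i++) if ($i == "add") { a = i + 1; break }
        if (!a) next                          # flush, blank lines, etc.
        n++                                   # position of this rule
        if ($a == "divert" && !divert) {
            divert = n
            for (j = a; j < NF; j++) if ($j == "via") via = $(j + 1)
        } else if ($a ~ /^(pass|allow|accept|permit)$/ &&
                   $0 ~ /all from any to any[ \t]*$/ && !open) {
            open = n                          # first unconditional accept
        }
    }
    END {
        if (!divert) {
            print "FAIL: no divert rule, nothing reaches natd"; bad = 1
        } else if (via == "" || via != nat_if) {
            print "FAIL: divert is via \"" via "\" but natd uses \"" nat_if "\""; bad = 1
        }
        if (divert && open && open < divert) {
            print "FAIL: accept-all rule precedes divert; ipfw stops at the first match"; bad = 1
        }
        if (open) print "NOTE: accept-all rule present: address translation only, no filtering"
        exit bad + 0
    }'
}

# The commands from steps 6 and 7 of this article.
check_gateway 'natd -interface ed0' <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any
EOF
```

For the article's own commands this prints only the NOTE line and returns 0.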

If it doesn't work

If the above does not get things working for you, then . Perhaps my instructions are defective. I don't think so, but please tell me of any problems you had and what you did to correct them.

- Dan

Last modified: $Date: 1999/06/26 05:19:51 $
Copyright © 2023, The FreeBSD 'zine
All rights reserved.