37. IP Network Address Translation
Introduction to FreeBSD
37.1.  1)Loading the Kernel Module
37.2.  2) Setting up the NAT Rules
37.3.  3) Loading the NAT Rules:
37.4.  4)Enable Routing between interfaces.
37.5.  5) Static Routes to Subnet Ranges
37.6.  6) Make sure that you have your interfaces configured.

After you have installed IpFilter: You will need to change three files:

/etc/rc.local

/etc/sysconfig

/etc/natrules

This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE

37.1.   1)Loading the Kernel Module

If you are using a Kernel Loadable Module you need to edit your /etc/rc.local file and load the module at boot time.

use the line: modload /lkm/if_ipl.o

If you are not loading a kernel module, skip this step.

37.2.   2) Setting up the NAT Rules

Make a file called /etc/natrules put in the rules that you need for your system. If you want to use the whole 10 Network. Try:

map fxp0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000

Here is an explanation of each part of the command:

map starts the command.

fxp0 is the interface with the real internet address.

10.0.0.0 is the subnet you want to use.

/8 is the subnet mask. ie 255.0.0.0

208.8.0.1 is the real IP address that you use.

/32 is the subnet mask 255.255.255.255, ie only use this IP address.

portmap tcp/udp 10000:65000

tells it to use the ports to redirect the tcp/udp calls through The one line should work for the whole network.

37.3.   3) Loading the NAT Rules:

The NAT Rules will need to be loaded every time the computer reboots. In your /etc/rc.local put the line: ipnat -f /etc/natrules

To check and see if it is loaded, as root type: ipnat -ls

37.4.   4)Enable Routing between interfaces.

Tell the kernel to route these addresses. In the /etc/rc.conf put the line:

Gateway=YES

Or configure it by had by putting this line in the /etc/rc.local file :

sysctl -w net.inet.ip.forwarding=1

37.5.   5) Static Routes to Subnet Ranges

Now you have to add a static routes for the subnet ranges. Edit your /etc/rc.conf, or on an older system, your /etc/sysconfig to add them at bootup.

static_routes="foo" route_foo="10.0.0.0 -netmask 0xf0000000 -interface 10.0.0.1"

37.6.   6) Make sure that you have your interfaces configured.

I have two Intel Ether Express Pro B cards. One is on 208.8.0.1 The other is on 10.0.0.1 You need to configure these in the /etc/sysconfig

network_interfaces="fxp0 fxp1"
ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0"

Return to Table of Contents

Visit the Gifcom

Note:

When using ftp from a client computer on the virtual network, you will need to use passive mode. Otherwise, it will time out trying to get a directory listing.