Setting up IPNAT on FreeBSD 4.0


Purpose:
This document will explain how to set up IPNAT on FreeBSD 4.0. NAT (Network Address Translation) rewrites the private addresses of the machines on your internal network to the single public address of a gateway, so that to the outside world all of their traffic appears to come from that one box. This is commonly done on a gateway machine such as a dial-up (or DSL and cable) box at home where you have more than one computer, and it lets all of your boxes share a single connection to your ISP. There are many different configurations you can use to set up an internal network with IPNAT. This doc will explain how to use two network cards in a single FreeBSD machine, one hub, and a DSL/cable modem. If you want basic directions on how to set up ipnat with one network card, go to this page.


Layout:


                    +-----------------------+
                    |       FreeBSD Box     |
                    |                       |
                    |  NIC 1         NIC 2  |
                    |  +---+         +---+  |
                    |  |xl0|         |xl1|  |
                    +--/   \---------/   \--+
                         ^             v
    +---------+          |             |                 +--------+
--> |DSL/CABLE| ---------+             |        +--------| Host A |
    |  modem  |                        |        |        +--------+
    +---------+                        |        |
                                    +-----+     |
+----------------------------+      |     |     |        +--------+
| NIC 1 (xl0) - 4.33.192.69  |      |     |     |   +----| Host B |
| NIC 2 (xl1) - 192.168.5.1  |      |     =-----+   |    +--------+
+----------------------------+      | HUB |         |
| Host A      - 192.168.5.10 |      |     =---------+
| Host B      - 192.168.5.20 |      |     |              +--------+
| Host C      - 192.168.5.30 |      |     =--------------| Host C |
+----------------------------+      |     |              +--------+
                                    +-----+

Any IP within 192.168.0.0/16 is reserved by RFC 1918 for private (internal) networks and is never routed on the Internet, which is why it is used here (this doc uses the 192.168.5.0/24 slice of it). The other two RFC 1918 ranges will work just as well:

	10.0.0.0/8
	172.16.0.0/12

It is assumed that your FreeBSD machine already boots up with your first network card (in this case xl0) running with an IP address from your ISP.



Step 1 - Enable ipnat in kernel:

IPNAT is part of IPFilter, so you must add the following line to your kernel config and rebuild:

     options         IPFILTER                #kernel ipfilter support
(WHAT!? You don't know how to compile a kernel? Okay, go here. If you later want "log" rules in a filter rule set, the kernel also needs options IPFILTER_LOG.)

Keep in mind that a kernel with IPFILTER compiled in but no filter rules loaded passes every packet; the NAT rules in Step 2 only rewrite addresses, they do not block anything.

And add the following to /etc/rc.conf so that the box forwards packets between its two interfaces (it sets net.inet.ip.forwarding to 1 at boot):
gateway_enable="YES"




Step 2 - Configure ipnat:

Create the file '/etc/ipnat.conf' with the following:

map xl0 192.168.5.0/24 -> 4.33.192.69/32 portmap tcp/udp 10000:60000
map xl0 192.168.5.0/24 -> 4.33.192.69/32

Of course change 4.33.192.69 to the IP offered to you by your ISP, and 192.168.5.0/24 to whatever internal network you chose. The first rule translates tcp and udp sessions onto ports 10000-60000 of the public address; the second catches everything else (icmp and other protocols). ipnat uses the first rule that matches, so the portmap rule has to come first. If your ISP address changes from time to time (common on DSL and cable), write the public side as 0/32 instead of a fixed address: ipnat then uses whatever address xl0 currently has, and "ipf -y" after an address change makes IPFilter pick up the new one.




Step 3 - Configure Start-Up Scripts:
Create the file '/usr/local/etc/rc.d/ipnat.sh' with the following (on FreeBSD 4.x every executable file ending in .sh in that directory is run at the end of the boot, after the network is up):

#!/bin/sh
# Bring up the inside interface with the address the hosts will use as their gateway.
/sbin/ifconfig xl1 down
/sbin/ifconfig xl1 inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
/sbin/ifconfig xl1 up
# Load the NAT rules: -C clears the rule list, -F flushes active translations,
# -f reads the new rules. "ipf -y" then resyncs IPFilter's interface list so
# the rules apply to the address xl0 has right now.
[ -x /sbin/ipnat ] && /sbin/ipnat -CF -f /etc/ipnat.conf && /sbin/ipf -y && echo -n ' ipnat'

And change the permissions so root can execute it (chmod 750 /usr/local/etc/rc.d/ipnat.sh). If you prefer, the xl1 address can instead go into /etc/rc.conf as ifconfig_xl1="inet 192.168.5.1 netmask 255.255.255.0", leaving only the ipnat line in the script.




Step 4 - Shutdown - Setup Hardware - Bootup - Confirm:
Now, shutdown the box, setup the hardware as described in the layout above, and turn the box back on.

Once the machine has booted up, run "ifconfig -a". You should get something like this:

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 4.33.194.129 netmask 0xfffff800 broadcast 4.33.199.255
        ether 00:10:4b:68:87:32
        media: autoselect (10baseT/UTP) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
        ether 00:e0:29:6e:13:7f
        media: autoselect (none) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>


The important part is the two lines starting with "inet". xl0 must carry the address your ISP assigned (here 4.33.194.129 on this boot); whatever it is, it has to be the address on the right-hand side of the rules in /etc/ipnat.conf, or those rules must use 0/32, otherwise nothing gets translated. xl1 must carry 192.168.5.1 with netmask 0xffffff00. Also run "sysctl net.inet.ip.forwarding": it must print 1, otherwise gateway_enable did not take effect. Finally, "ipnat -l" lists the loaded map rules and, once the hosts start talking, the active translations.
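The following script is an added example, not part of the original page. It generates /etc/ipnat.conf and a minimal stateful /etc/ipf.rules for the two-NIC layout from one set of variables (so the NAT rules, the filter rules and the Step 4 check cannot drift apart the way hand-edited files do), checks that the chosen internal network is really an RFC 1918 range, and automates the Step 4 "ifconfig -a" check. The interface names, addresses and port range are the page's; the ipf rule set is assumed here, since the page configures NAT only, and the sample ifconfig text is constructed in the page's format.

```shell
#!/bin/sh
# Added example (not from the original page): derive the NAT rules, a minimal
# filter rule set and the post-boot interface check from ONE set of variables.
# The ipf rules are an assumption of this example; the page loads none.

EXT_IF=xl0               # NIC 1, address assigned by the ISP
INT_IF=xl1               # NIC 2, plugged into the hub
INT_NET=192.168.5.0/24   # private network behind the gateway
INT_GW=192.168.5.1       # address of INT_IF; the hosts use it as gateway
PORTMAP=10000:60000      # port range for translated tcp/udp sessions

# in_rfc1918 ADDR: succeed if ADDR is inside 10/8, 172.16/12 or 192.168/16.
in_rfc1918() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    case "$1.$2" in
        10.*)    return 0 ;;
        192.168) return 0 ;;
        172.*)   [ "$2" -ge 16 ] 2>/dev/null && [ "$2" -le 31 ] && return 0 ;;
    esac
    return 1
}

# ipnat_rules: the page's two map rules, but with 0/32 on the public side so
# the translation follows whatever address EXT_IF holds right now (ipnat(5));
# a fixed /32 silently stops working when the ISP hands out a new address.
# ipnat uses the FIRST matching rule, so the portmap rule must come first.
ipnat_rules() {
    printf 'map %s %s -> 0/32 portmap tcp/udp %s\n' "$EXT_IF" "$INT_NET" "$PORTMAP"
    printf 'map %s %s -> 0/32\n' "$EXT_IF" "$INT_NET"
}

# ipf_rules: assumed minimal stateful filter. Outbound traffic on EXT_IF creates
# state so the replies get back in; anything else arriving on EXT_IF is dropped.
# IPFilter filters before NAT on the way out and after NAT on the way in, so
# the rules always see the private addresses.
ipf_rules() {
    cat <<EOF
# loopback and the inside interface are trusted
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on $INT_IF all
pass out quick on $INT_IF all
# outbound on the public side, keeping state for the replies
pass out quick on $EXT_IF proto tcp from any to any flags S keep state
pass out quick on $EXT_IF proto udp from any to any keep state
pass out quick on $EXT_IF proto icmp from any to any keep state
# private source addresses never legitimately arrive from the Internet
block in quick on $EXT_IF from 10.0.0.0/8 to any
block in quick on $EXT_IF from 172.16.0.0/12 to any
block in quick on $EXT_IF from 192.168.0.0/16 to any
# everything else coming in on the public side is dropped ("log" needs IPFILTER_LOG)
block in log on $EXT_IF all
EOF
}

# inet_of IFACE: print the inet address of IFACE from "ifconfig -a" text on stdin.
inet_of() {
    awk -v want="$1:" '
        $1 ~ /^[a-z]+[0-9]+:$/ { cur = $1 }
        cur == want && $1 == "inet" { print $2; exit }'
}

# check_layout: read "ifconfig -a" text on stdin and confirm EXT_IF has a public
# address and INT_IF has INT_GW (the Step 4 check, automated).
check_layout() {
    text=$(cat)
    ext=$(printf '%s\n' "$text" | inet_of "$EXT_IF")
    int=$(printf '%s\n' "$text" | inet_of "$INT_IF")
    [ -n "$ext" ] || { echo "$EXT_IF has no inet address"; return 1; }
    if in_rfc1918 "$ext"; then
        echo "$EXT_IF has a private address ($ext); did the ISP link come up?"
        return 1
    fi
    [ "$int" = "$INT_GW" ] || { echo "$INT_IF is '$int', expected $INT_GW"; return 1; }
    echo "layout ok: $EXT_IF=$ext $INT_IF=$int"
}

# Constructed "ifconfig -a" output in the page's format, using the layout's addresses.
SAMPLE_IFCONFIG='xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 4.33.192.69 netmask 0xfffff800 broadcast 4.33.199.255
        ether 00:10:4b:68:87:32
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
        ether 00:e0:29:6e:13:7f'

case "${1-}" in
    install)  # as root on the gateway: write both files, then reload with ipnat/ipf
        ipnat_rules > /etc/ipnat.conf
        ipf_rules > /etc/ipf.rules ;;
    check)    # on the gateway after boot
        ifconfig -a | check_layout ;;
    *)        # default: show what would be written and check the constructed sample
        echo "# /etc/ipnat.conf"; ipnat_rules
        echo "# /etc/ipf.rules";  ipf_rules
        printf '%s\n' "$SAMPLE_IFCONFIG" | check_layout ;;
esac
```

Run it with no arguments anywhere to see the generated files and the check against the constructed sample; on the gateway, "sh ipnat-gen.sh install" (a file name assumed here) writes the two files, after which "ipnat -CF -f /etc/ipnat.conf" and "ipf -Fa -f /etc/ipf.rules" load them, and "sh ipnat-gen.sh check" runs the interface check against the real "ifconfig -a".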


Step 5 - Setting up the other hosts:
The computers that you connect to the hub should have the following network configuration (there is no DHCP server in this setup, so enter it by hand on each host):

IP:      192.168.5.x where x is between 2 and 254 and different on every host (192.168.5.1 is the gateway, 192.168.5.255 is the broadcast address)
NETMASK: 255.255.255.0
GATEWAY: 192.168.5.1
DNS:     the name server addresses your ISP gave you (the same ones as in /etc/resolv.conf on the FreeBSD box); the lookups are just more udp traffic through the NAT.




Conclusion:
This is what I got to work for me. If you are still having problems, or you have questions about this doc, just let me know.
