NAT, VPN and other SOHO router advice

Nick Stenning nickstenning at gmail.com
Thu Apr 6 22:12:30 UTC 2006


On 4/6/06, Chuck Swiger <cswiger at mac.com> wrote:
>
> Given what you've said, you should set up the FreeBSD machine as a bridge
> rather than a router.
>
> It's possible to do other things, such as changing the NAT address range
> used by rl1 and your Vigor 2600, yet also set up NAT on the FreeBSD machine,
> including GRE passthrough and PPTP in /etc/natd.conf, but that would be
> evil, hard to debug, and otherwise tempting the fates.  :-)
>
> # NATD configuration options
> dynamic yes
> interface rl1
> #log yes
> log_denied yes
> use_sockets yes
> same_ports yes
> unregistered_only yes
> #punch_fw 10000:100
> redirect_proto gre 10.1.1.2
> redirect_port udp 10.1.1.2:500 500
> redirect_port udp 10.1.1.2:4500 4500
> redirect_port udp 10.1.1.2:62515 62515
> redirect_port tcp 10.1.1.2:10000 10000
> redirect_port tcp 10.1.1.2:pptp pptp
>
> # The above rules allow passthrough for the Cisco VPN software, and should
> also work with SonicWall's VPN client.  OpenVPN uses just a single UDP port,
> and would be very easy to set up on FreeBSD if you liked.
>
> --
> -Chuck
>

Thanks to both of you for all your input .. it's a great help!

Chuck -- since you appear to have given me the config options for
something that's "evil, hard to debug, and otherwise tempting the
fates", would you mind explaining how to set up the FBSD box as a
bridge?

Or perhaps I'm missing something ... is that what that config is for?
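
Added example, not part of either poster's message: a small Python audit of the quoted natd.conf that lists every `redirect_port` and `redirect_proto` rule, which is exactly the set of unsolicited inbound traffic the NAT box will hand to 10.1.1.2. The function names are hypothetical, and the `SERVICES` table stands in for /etc/services with only the `pptp` entry (TCP 1723) this config needs.

```python
# natd.conf directives copied from the quoted message above.
NATD_CONF = """\
dynamic yes
interface rl1
#log yes
log_denied yes
use_sockets yes
same_ports yes
unregistered_only yes
#punch_fw 10000:100
redirect_proto gre 10.1.1.2
redirect_port udp 10.1.1.2:500 500
redirect_port udp 10.1.1.2:4500 4500
redirect_port udp 10.1.1.2:62515 62515
redirect_port tcp 10.1.1.2:10000 10000
redirect_port tcp 10.1.1.2:pptp pptp
"""

# Service names natd resolves through /etc/services; only the one used here.
SERVICES = {"pptp": 1723}

def port_range(spec):
    """Turn '500', '2000-3000' or 'pptp' into an inclusive (low, high) pair."""
    lo, _, hi = spec.partition("-")
    return tuple(SERVICES.get(p) or int(p) for p in (lo, hi or lo))

def inbound_exposure(conf):
    """List what unsolicited outside traffic this natd.conf forwards inward."""
    found = []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(words) >= 4 and words[0] == "redirect_port":
            # redirect_port proto host:port [aliasIP:]port [remoteIP[:port]]
            host, _, inside = words[2].rpartition(":")
            found.append({"proto": words[1], "host": host,
                          "inside": port_range(inside),
                          "outside": port_range(words[3].rpartition(":")[2]),
                          "any_source": len(words) == 4})
        elif len(words) >= 3 and words[0] == "redirect_proto":
            # redirect_proto proto localIP [publicIP [remoteIP]]
            found.append({"proto": words[1], "host": words[2],
                          "inside": None, "outside": None,
                          "any_source": len(words) < 5})
    return found

if __name__ == "__main__":
    for e in inbound_exposure(NATD_CONF):
        scope = "any source" if e["any_source"] else "restricted source"
        print(e["proto"], e["outside"], "->", e["host"], e["inside"], scope)
```

Every rule in the quoted config comes back with `any_source` set, since none of them carries the optional remote address that natd accepts as a final argument.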


More information about the freebsd-questions mailing list