natd (internet sharing)

Posted: December 4, 2009 in Freebsd
When you get just 1 internet IP address from your ISP and you want to give more computers access to the internet (without using proxy servers), you need NAT (Network Address Translation). Setting it up is easy, if you pay attention 🙂
You need 2 network cards/interfaces installed in your machine:

/dev/pub0 is my network interface connected to the internet,

/dev/priv0 is my network interface connected to the internal network.

Replace occurrences of <pub0> and <priv0> with your network interface device names, and remove the < > characters too. You can find your network interface names with the command:

ifconfig -a

Edit /etc/rc.conf and check that your network cards are set up correctly. If your 'public' network card is connected to the internet through a DSL or cable modem, your ISP may provide you with an IP address automatically; in that case you'll probably already have 'ifconfig_pub0="DHCP"' in your rc.conf. My ISP gave me a fixed IP address (actually, a complete range), so in my case it's different:

ifconfig_pub0="inet <my.public.ip.address> netmask <my.public.net.mask>"

Now for the second network card, that is connected to your internal network:

ifconfig_priv0="inet 10.0.0.1 netmask 255.0.0.0"

You can choose any private network range (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/…) as long as it's not already used in your network.

nano /etc/rc.conf

Make sure the following lines are there (replace <pub0> with your own network interface, e.g. ‘rl0’):

gateway_enable="YES"                # enable gateway

firewall_enable="YES"               # and firewall

firewall_script="/etc/rc.firewall"  # firewall configuration file

firewall_type="open"                # firewall type

firewall_quiet="NO"                 # show all firewall rules

natd_enable="YES"                   # enable natd

natd_program="/sbin/natd"           # path to natd

natd_interface="<pub0>"             # public/external network interface

natd_flags="-f /etc/natd.conf"      # extra options to natd
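
A quick way to check these settings before rebooting, as an added example that is not part of the original post: a small sh function that audits an rc.conf-style file for the gateway and natd keys above. The function names, the constructed sample file and the rl0 interface are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit an rc.conf-style file
# for the gateway/natd settings listed above. Function names are hypothetical.

# Print the last value assigned to KEY in FILE (later lines win in rc.conf),
# without ASCII double quotes, trailing comment or trailing blanks.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# The truth values that rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# audit_natd_rc FILE: print FAIL/WARN lines; return 1 if anything failed.
audit_natd_rc() {
    f=$1; rc=0
    # Typographic quotes pasted from a web page end up inside the value.
    if grep -qF -e '“' -e '”' -e '″' "$f"; then
        echo 'FAIL: typographic quotes found; use plain ASCII " quotes'; rc=1
    fi
    for key in gateway_enable firewall_enable natd_enable; do
        is_yes "$(rc_value "$f" "$key")" || { echo "FAIL: $key is not YES"; rc=1; }
    done
    case "$(rc_value "$f" natd_interface)" in
        ''|*'<'*|*'>'*) echo "FAIL: natd_interface unset or still a placeholder"; rc=1 ;;
    esac
    # rc.firewall's "open" type installs a rule that passes all traffic.
    case "$(rc_value "$f" firewall_type)" in
        [Oo][Pp][Ee][Nn]) echo "WARN: firewall_type=open filters nothing; tighten it after testing" ;;
    esac
    return $rc
}

# Constructed sample: this page's settings with rl0 as the public interface.
sample=$(mktemp)
printf '%s\n' 'gateway_enable="YES"   # enable gateway' 'firewall_enable="YES"' \
    'firewall_type="open"' 'natd_enable="YES"' 'natd_interface="rl0"' > "$sample"
audit_natd_rc "$sample" || true
rm -f "$sample"
```

On the gateway itself, run it as audit_natd_rc /etc/rc.conf.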

Test it (by starting natd manually):

natd -n <pub0>

ipfw -q add 00050 divert natd ip4 from any to any via <pub0>

= Setting up the client =

Set up a computer ('client') on your internal network: IP address 10.0.0.2, netmask 255.0.0.0, gateway 10.0.0.1, and the DNS servers from your ISP (you can probably find them with 'cat /etc/resolv.conf').

= Testing natd connectivity =

On this client PC, open a shell (that's Start → Run → cmd → [ok] for you Windows people, or WindowsKey-R → cmd → [ok] for Vista unfortunates):

ping 10.0.0.1

If everything is ok (no firewalls in the way) you should get ‘Response from 10.0.0.1 …’.

Next, ping another IP address (you can use the DNS server you found a moment ago):

ping 194.109.6.66

If this works, natd works. Note: some servers and internet sites block 'ping'. Test whether you can ping the address from your server; if that works, it should work from any client too.

Now test if you can ping a website by its name.

ping google.com

If this works, you can start your internet browser, and use the internet with multiple computers.

Reboot, to make sure natd is started automatically/correctly upon the next boot.
