Add natd support.

PR:		6339
Submitted by:	cdillon@wolves.k12.mo.us
Brian Somers 1998-04-18 10:27:19 +00:00
parent 635225ca84
commit 252ba33d3c
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=35267
11 changed files with 102 additions and 11 deletions


@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $Id$ # $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in # Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags} echo -n ' mrouted'; mrouted ${mrouted_flags}
fi fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.' echo '.'
network_pass3_done=YES network_pass3_done=YES
} }
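Review bot: The inner test `if [ -a "X${firewall_enable}" = X"YES" ]; then` begins with a stray `-a`, so it is not a plain string comparison; depending on the test(1) implementation it is either rejected as a syntax error or evaluated as something other than intended, and natd would then probably not start even with firewall_enable set to YES. It should read `if [ "X${firewall_enable}" = X"YES" ]; then`, or the condition can be folded into the outer test. `${natd_interface}` is also passed unquoted to `natd -n`; writing `"${natd_interface}"` keeps a value containing whitespace from splitting into extra arguments. The identical hunk is repeated in the later rc.network sections of this commit and needs the same change. network_pass3 begins outside the hunk.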


@ -6,7 +6,7 @@
# #
# All arguments must be in double or single quotes. # All arguments must be in double or single quotes.
# #
# $Id$ # $Id: rc.conf,v 1.44 1998/04/12 09:47:41 markm Exp $
############################################################## ##############################################################
### Important initial Boot-time options ##################### ### Important initial Boot-time options #####################
@ -31,6 +31,9 @@ nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
firewall_enable="NO" # Set to YES to enable firewall functionality firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display firewall_quiet="NO" # Set to YES to suppress rule display
natd_enable="NO" # Enable natd (if firewall_enable == YES).
natd_interface="fxp0" # Public interface to use with natd.
natd_flags="" # Additional flags for natd.
tcp_extensions="YES" # Allow RFC1323 & RFC1644 extensions (or NO). tcp_extensions="YES" # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="lo0" # List of network interfaces (lo0 is loopback). network_interfaces="lo0" # List of network interfaces (lo0 is loopback).
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
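Review bot: `natd_interface="fxp0"` ships a driver-specific default, so the `"X${natd_interface}" != X""` guards added in rc.network and rc.firewall are always satisfied, and setting only `natd_enable="YES"` diverts traffic on fxp0 whether or not that is the public interface on the machine. An empty default, `natd_interface=""	# Public interface to use with natd (required).`, would make the guard meaningful and would match the rc.conf.5 text in this commit, which calls the variable mandatory when natd is enabled. The `natd_enable` comment could also mention that divert sockets must be enabled in the kernel, as the manual page does.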


@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $Id$ # $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in # Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags} echo -n ' mrouted'; mrouted ${mrouted_flags}
fi fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.' echo '.'
network_pass3_done=YES network_pass3_done=YES
} }


@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $Id$ # $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in # Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags} echo -n ' mrouted'; mrouted ${mrouted_flags}
fi fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.' echo '.'
network_pass3_done=YES network_pass3_done=YES
} }


@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $Id$ # $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in # Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags} echo -n ' mrouted'; mrouted ${mrouted_flags}
fi fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.' echo '.'
network_pass3_done=YES network_pass3_done=YES
} }


@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $Id$ # $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in # Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags} echo -n ' mrouted'; mrouted ${mrouted_flags}
fi fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.' echo '.'
network_pass3_done=YES network_pass3_done=YES
} }


@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $Id$ # $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in # Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags} echo -n ' mrouted'; mrouted ${mrouted_flags}
fi fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.' echo '.'
network_pass3_done=YES network_pass3_done=YES
} }


@ -1,6 +1,6 @@
############ ############
# Setup system for firewall service. # Setup system for firewall service.
# $Id: rc.firewall,v 1.16 1998/02/10 01:45:47 adam Exp $ # $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $
if [ -f /etc/rc.conf ]; then if [ -f /etc/rc.conf ]; then
. /etc/rc.conf . /etc/rc.conf
@ -57,6 +57,15 @@ fi
# Flush out the list before we begin. # Flush out the list before we begin.
$fwcmd -f flush $fwcmd -f flush
############
# These rules are required for using natd. All packets are passed to
# natd before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd,
# minus any divert rules (see natd(8)).
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
$fwcmd add divert natd all from any to any via ${natd_interface}
fi
############ ############
# If you just configured ipfw in the kernel as a tool to solve network # If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic # problems or you just want to disallow some particular kinds of traffic
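Review bot: The divert rule is installed whenever natd_enable and natd_interface are set, with no check that natd will actually be listening; the rc.network sections of this commit start natd only later, in network_pass3, and only when firewall_enable is YES. As far as I know, packets diverted to a port with no socket bound are dropped, so a natd that fails to start leaves all traffic via ${natd_interface} discarded. That fails closed, but an administrator debugging a dead link would want it stated. I would add a line to the comment block such as `# If natd is not running, packets matching this rule are dropped.` and say that the rules which follow are applied to packets after translation, so filters on the public interface should be checked against the translated addresses.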


@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $Id$ # $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in # Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags} echo -n ' mrouted'; mrouted ${mrouted_flags}
fi fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.' echo '.'
network_pass3_done=YES network_pass3_done=YES
} }


@ -9,7 +9,7 @@
# Kerberos services are for Kerberos v4, and are unofficial. Sites running # Kerberos services are for Kerberos v4, and are unofficial. Sites running
# v5 should uncomment v5 entries and comment v4 entries. # v5 should uncomment v5 entries and comment v4 entries.
# #
# $Id: services,v 1.44 1998/03/09 02:56:21 steve Exp $ # $Id: services,v 1.45 1998/03/17 02:09:49 jseger Exp $
# From: @(#)services 5.8 (Berkeley) 5/9/91 # From: @(#)services 5.8 (Berkeley) 5/9/91
# #
# WELL KNOWN PORT NUMBERS # WELL KNOWN PORT NUMBERS
@ -1652,6 +1652,7 @@ ricardo-lm 6148/tcp #Ricardo North America License Manager
ricardo-lm 6148/udp #Ricardo North America License Manager ricardo-lm 6148/udp #Ricardo North America License Manager
xdsxdm 6558/tcp xdsxdm 6558/tcp
xdsxdm 6558/udp xdsxdm 6558/udp
natd 6668/divert # Network Address Translation
acmsoda 6969/tcp acmsoda 6969/tcp
acmsoda 6969/udp acmsoda 6969/udp
afs3-fileserver 7000/tcp #file server itself afs3-fileserver 7000/tcp #file server itself


@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.\" $Id: rc.conf.5,v 1.15 1998/03/09 08:50:59 jkh Exp $ .\" $Id: rc.conf.5,v 1.16 1998/03/12 07:30:49 charnier Exp $
.\" .\"
.Dd April 26, 1997 .Dd April 26, 1997
.Dt RC.CONF 5 .Dt RC.CONF 5
@ -121,6 +121,28 @@ must be given.
(bool) Set to (bool) Set to
.Ar YES .Ar YES
to disable the display of ipfw rules on the console during boot. to disable the display of ipfw rules on the console during boot.
.It Ar natd_enable
(bool) Set to
.Ar YES
to enable natd.
.Ar Firewall_enable
must also be set to
.Ar YES ,
and
.Xr divert 4
sockets must be enabled in your kernel.
.It Ar natd_interface
This is the name of the public interface on which natd should run. It
is mandatory if
.Ar natd_enable
is set to
.Ar YES .
.It Ar natd_flags
Additional natd flags should be placed here. The
.Fl n
flag is automatically added with the above
.Ar natd_interface
as an argument.
.It Ar tcp_extensions .It Ar tcp_extensions
(bool) Set to (bool) Set to
.Ar YES .Ar YES