Add natd support.

PR:		6339
Submitted by:	cdillon@wolves.k12.mo.us
Brian Somers 1998-04-18 10:27:19 +00:00
parent 635225ca84
commit 252ba33d3c
11 changed files with 102 additions and 11 deletions


@ -1,6 +1,6 @@
#!/bin/sh -
#
# $Id$
# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.'
network_pass3_done=YES
}
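Review bot: The inner test `[ -a "X${firewall_enable}" = X"YES" ]` in network_pass3 starts with a stray `-a`, which leaves the expression malformed. Depending on the `test` implementation this is either a syntax error, so natd is never started, or it is parsed in a way the author did not intend. The line should read `if [ "X${firewall_enable}" = X"YES" ]; then`, or the check can be folded into the outer condition as a third `-a` clause. The same line appears in every other copy of this rc.network hunk on the page. network_pass3 begins outside the hunk, so only the added lines were checked.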


@ -6,7 +6,7 @@
#
# All arguments must be in double or single quotes.
#
# $Id$
# $Id: rc.conf,v 1.44 1998/04/12 09:47:41 markm Exp $
##############################################################
### Important initial Boot-time options #####################
@ -31,6 +31,9 @@ nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
natd_enable="NO" # Enable natd (if firewall_enable == YES).
natd_interface="fxp0" # Public interface to use with natd.
natd_flags="" # Additional flags for natd.
tcp_extensions="YES" # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="lo0" # List of network interfaces (lo0 is loopback).
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
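Review bot: The added `natd_interface` defaults to `fxp0`, so the `"X${natd_interface}" != X""` guards in rc.network and rc.firewall can never fire for an administrator who only sets `natd_enable="YES"`. The divert rule and natd would then be bound to a driver-specific name that may not exist or may not be the public interface on that machine. The manual page text in this commit calls the variable mandatory, so an empty default fits better: `natd_interface=""	# Public interface to use with natd (required).`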


@ -1,6 +1,6 @@
#!/bin/sh -
#
# $Id$
# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.'
network_pass3_done=YES
}


@ -1,6 +1,6 @@
#!/bin/sh -
#
# $Id$
# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.'
network_pass3_done=YES
}


@ -1,6 +1,6 @@
#!/bin/sh -
#
# $Id$
# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.'
network_pass3_done=YES
}


@ -1,6 +1,6 @@
#!/bin/sh -
#
# $Id$
# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.'
network_pass3_done=YES
}


@ -1,6 +1,6 @@
#!/bin/sh -
#
# $Id$
# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.'
network_pass3_done=YES
}


@ -1,6 +1,6 @@
############
# Setup system for firewall service.
# $Id: rc.firewall,v 1.16 1998/02/10 01:45:47 adam Exp $
# $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $
if [ -f /etc/rc.conf ]; then
. /etc/rc.conf
@ -57,6 +57,15 @@ fi
# Flush out the list before we begin.
$fwcmd -f flush
############
# These rules are required for using natd. All packets are passed to
# natd before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd,
# minus any divert rules (see natd(8)).
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
$fwcmd add divert natd all from any to any via ${natd_interface}
fi
############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
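Review bot: The divert rule is added straight after the flush under a condition that does not match the one in rc.network, which also requires `firewall_enable`, and nothing here confirms that natd will actually be running. ipfw drops packets diverted to a port with no socket bound, so if natd fails to start or later exits, all traffic via `${natd_interface}` is dropped. That is fail-closed, but the new comment block should say so, for example `# If natd is not running, every packet matching this rule is dropped.` The rule also depends on the name `natd` resolving through the `natd 6668/divert` entry this commit adds to services, which deserves a mention in the same comment.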


@ -1,6 +1,6 @@
#!/bin/sh -
#
# $Id$
# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
# Network Address Translation daemon
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
if [ -a "X${firewall_enable}" = X"YES" ]; then
echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
fi
echo '.'
network_pass3_done=YES
}


@ -9,7 +9,7 @@
# Kerberos services are for Kerberos v4, and are unofficial. Sites running
# v5 should uncomment v5 entries and comment v4 entries.
#
# $Id: services,v 1.44 1998/03/09 02:56:21 steve Exp $
# $Id: services,v 1.45 1998/03/17 02:09:49 jseger Exp $
# From: @(#)services 5.8 (Berkeley) 5/9/91
#
# WELL KNOWN PORT NUMBERS
@ -1652,6 +1652,7 @@ ricardo-lm 6148/tcp #Ricardo North America License Manager
ricardo-lm 6148/udp #Ricardo North America License Manager
xdsxdm 6558/tcp
xdsxdm 6558/udp
natd 6668/divert # Network Address Translation
acmsoda 6969/tcp
acmsoda 6969/udp
afs3-fileserver 7000/tcp #file server itself


@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: rc.conf.5,v 1.15 1998/03/09 08:50:59 jkh Exp $
.\" $Id: rc.conf.5,v 1.16 1998/03/12 07:30:49 charnier Exp $
.\"
.Dd April 26, 1997
.Dt RC.CONF 5
@ -121,6 +121,28 @@ must be given.
(bool) Set to
.Ar YES
to disable the display of ipfw rules on the console during boot.
.It Ar natd_enable
(bool) Set to
.Ar YES
to enable natd.
.Ar Firewall_enable
must also be set to
.Ar YES ,
and
.Xr divert 4
sockets must be enabled in your kernel.
.It Ar natd_interface
This is the name of the public interface on which natd should run. It
is mandatory if
.Ar natd_enable
is set to
.Ar YES .
.It Ar natd_flags
Additional natd flags should be placed here. The
.Fl n
flag is automatically added with the above
.Ar natd_interface
as an argument.
.It Ar tcp_extensions
(bool) Set to
.Ar YES