To set up NAT on FreeBSD 5.X, first make sure the kernel configuration contains the following options:

options IPDIVERT
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT

Note that IPFIREWALL_DEFAULT_TO_ACCEPT makes the firewall pass every packet that no rule explicitly blocks. That is convenient while getting NAT working, but a gateway sitting on a public address normally wants the default-to-deny policy with explicit allow rules once testing is done.
As the Handbook says, rc.conf needs the following settings:

gateway_enable="YES"                 # Set to YES if this host will be a gateway.
firewall_enable="YES"                # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall"   # Which script to run to set up the firewall
firewall_type="/etc/ipfw.conf"       # Firewall type (see /etc/rc.firewall)
natd_program="/sbin/natd"            # path to natd, if you want a different one.
natd_enable="YES"                    # Enable natd (if firewall_enable == YES).
natd_interface="ed1"                 # Public interface or IPaddress to use.
natd_flags="-config /etc/natd.conf"  # Additional flags for natd.

With firewall_type set to a file name, /etc/rc.firewall hands that file to ipfw as a list of rule commands, so everything in `/etc/ipfw.conf' is written in ipfw's `add ...' syntax.
Add to `/etc/ipfw.conf':
add 50 divert natd all from any to any via any
Now test. The topology used for the test is shown below:

                 -+--------------------------------+-
        88.1.16.4 |                                | telnet 88.1.16.4 6666
          +---------------+                  +-------------+
          | NATD MACHINE  |                  |  88.1.16.1  |
          +---------------+                  +-------------+
      192.168.0.1 |
          +-----------+------------+
         ...         ...          ...
              192.168.0.XXX subnet
The contents of `/etc/natd.conf' are as follows:

log yes
redirect_port tcp 192.168.0.1:22 88.1.16.4:6666
redirect_port tcp 192.168.0.1:23 88.1.16.4:6667
Testing from 88.1.16.1 with telnet 88.1.16.4 6666 succeeds.
Next, the problem of hosts on the internal network behind the firewall reaching the port mappings configured in natd (the "hairpin" case, where a LAN client connects to the public address).

This is solved with ipfw: packets from the 192.168.0 network addressed to 88.1.16.4 port 6666 are forwarded to port 22 on 192.168.0.1. This is an ipfw rule, not a natd directive, so it goes into `/etc/ipfw.conf' (not `/etc/natd.conf'):

add 30000 forward 192.168.0.1,22 all from 192.168.0.0/24 to 88.1.16.4 via ed1

As written this rule matches every protocol and port from the LAN to 88.1.16.4, so a LAN client's telnet to port 6667 would also land on port 22. To match only the mapping described, narrow it to `tcp ... to 88.1.16.4 6666'.
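Because every redirect_port line in natd.conf needs a matching ipfw forward rule for LAN clients, the two files drift apart easily. The script below is an added example (not from the original page) that generates both from one mapping table and checks that they agree; it assumes the page's topology (public address 88.1.16.4 on ed1, LAN 192.168.0.0/24) and hypothetical rule numbers starting at 30000, and it narrows each forward rule to the mapped protocol and port rather than matching all traffic as the rule above does.

```shell
#!/bin/sh
# Added example, not code from the original page: generate natd.conf redirect_port
# lines and the matching ipfw hairpin forward rules from a single mapping table,
# so a mapping can never exist in natd.conf without its rule for LAN clients.
# Assumptions (hypothetical, taken from the page's topology): public address
# 88.1.16.4 on ed1, LAN 192.168.0.0/24, hairpin rules numbered from 30000.

PUBLIC_IP=88.1.16.4
PUBLIC_IF=ed1
LAN_NET=192.168.0.0/24
DIVERT_RULE='add 50 divert natd all from any to any via any'

# Mapping table, constructed for this example. One mapping per line:
#   proto  internal_ip  internal_port  public_port
MAPPINGS='tcp 192.168.0.1 22 6666
tcp 192.168.0.1 23 6667'

# natd_redirects: emit one natd.conf redirect_port line per mapping.
# natd syntax: redirect_port proto target_ip:target_port alias_ip:alias_port
natd_redirects() {
    printf '%s\n' "$MAPPINGS" | while read -r proto iip iport pport; do
        [ -n "$proto" ] || continue
        printf 'redirect_port %s %s:%s %s:%s\n' \
            "$proto" "$iip" "$iport" "$PUBLIC_IP" "$pport"
    done
}

# ipfw_hairpin_rules: emit one ipfw forward rule per mapping, numbered from $1
# (default 30000) in steps of 10. Each rule is restricted to the mapped protocol
# and public port, so other LAN traffic to the public address is left alone.
ipfw_hairpin_rules() {
    n=${1:-30000}
    printf '%s\n' "$MAPPINGS" | while read -r proto iip iport pport; do
        [ -n "$proto" ] || continue
        printf 'add %d forward %s,%s %s from %s to %s %s via %s\n' \
            "$n" "$iip" "$iport" "$proto" "$LAN_NET" "$PUBLIC_IP" "$pport" "$PUBLIC_IF"
        n=$((n + 10))
    done
}

# natd_conf: the complete natd.conf, with logging enabled as on the page.
natd_conf() {
    printf 'log yes\n'
    natd_redirects
}

# ipfw_conf: the complete ipfw rule file: the divert rule (lowest number) first,
# then the hairpin rules.
ipfw_conf() {
    printf '%s\n' "$DIVERT_RULE"
    ipfw_hairpin_rules 30000
}

# check_consistency: every public port natd redirects must have exactly one
# hairpin rule and vice versa. Returns 0 when the two port lists are identical.
check_consistency() {
    natd_ports=$(natd_redirects | sed 's/.*:\([0-9]*\)$/\1/' | sort)
    ipfw_ports=$(ipfw_hairpin_rules | sed 's/.* to [0-9.]* \([0-9]*\) via .*/\1/' | sort)
    [ "$natd_ports" = "$ipfw_ports" ]
}

# Stand-alone use: print both files and warn if they disagree.
echo '# /etc/natd.conf'; natd_conf
echo; echo '# /etc/ipfw.conf'; ipfw_conf
check_consistency || echo 'WARNING: natd.conf and ipfw.conf port lists differ' >&2
```

Edit MAPPINGS, run the script, and copy the two printed sections into `/etc/natd.conf' and `/etc/ipfw.conf'; the check at the end is what catches a redirect added on one side only.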