authorbrian <brian@FreeBSD.org>1998-04-18 10:27:19 +0000
committerbrian <brian@FreeBSD.org>1998-04-18 10:27:19 +0000
commit116081d5f2f15798830c767e3781af1616223bfd (patch)
tree9c095639cbce82611f5e81abcc048add726ccb6a /etc
parent4b10a4573603b76939c2ca43c0443bf63e8ba079 (diff)
Add natd support.
PR: 6339 Submitted by: cdillon@wolves.k12.mo.us
Diffstat (limited to 'etc')
-rw-r--r--etc/network.subr10
-rw-r--r--etc/rc.conf5
-rw-r--r--etc/rc.d/netoptions10
-rw-r--r--etc/rc.d/network110
-rw-r--r--etc/rc.d/network210
-rw-r--r--etc/rc.d/network310
-rw-r--r--etc/rc.d/routing10
-rw-r--r--etc/rc.firewall11
-rw-r--r--etc/rc.network10
-rw-r--r--etc/services3
10 files changed, 79 insertions, 10 deletions
diff --git a/etc/network.subr b/etc/network.subr
index 1e49f77..e43b9d4 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $Id$
+# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ if [ -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+ fi
+
echo '.'
network_pass3_done=YES
}
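Review bot: The inner test `[ -a "X${firewall_enable}" = X"YES" ]` begins with a stray `-a` that has no left operand, so it is not a plain string comparison; depending on the `test` implementation it is either rejected as a syntax error or parsed as a unary operator, and in both cases natd is likely not started even when firewall_enable is YES. Drop the operator, `if [ "X${firewall_enable}" = X"YES" ]; then`, or fold the check into the outer condition. This matters beyond startup because the rc.firewall hunk in the same commit installs the divert rule on natd_enable and natd_interface alone, without checking that natd is running. The same lines appear in the hunks for etc/rc.d/netoptions, network1, network2, network3, routing and etc/rc.network. network_pass3 begins outside the hunk.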
diff --git a/etc/rc.conf b/etc/rc.conf
index eb537f3..a18aa3c 100644
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -6,7 +6,7 @@
#
# All arguments must be in double or single quotes.
#
-# $Id$
+# $Id: rc.conf,v 1.44 1998/04/12 09:47:41 markm Exp $
##############################################################
### Important initial Boot-time options #####################
@@ -31,6 +31,9 @@ nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
+natd_enable="NO" # Enable natd (if firewall_enable == YES).
+natd_interface="fxp0" # Public interface to use with natd.
+natd_flags="" # Additional flags for natd.
tcp_extensions="YES" # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="lo0" # List of network interfaces (lo0 is loopback).
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
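Review bot: The default `natd_interface="fxp0"` names one specific NIC driver, while the guards added in network_pass3 and rc.firewall only test that the value is non-empty. An administrator who sets only natd_enable=YES on a machine whose public interface is not fxp0 would therefore get natd started and a divert rule added for the wrong or a nonexistent interface. An empty default such as `natd_interface=""  # Public interface to use with natd (required).` would make the non-empty check meaningful.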
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index 1e49f77..e43b9d4 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $Id$
+# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ if [ -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+ fi
+
echo '.'
network_pass3_done=YES
}
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index 1e49f77..e43b9d4 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $Id$
+# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ if [ -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+ fi
+
echo '.'
network_pass3_done=YES
}
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index 1e49f77..e43b9d4 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $Id$
+# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ if [ -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+ fi
+
echo '.'
network_pass3_done=YES
}
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index 1e49f77..e43b9d4 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $Id$
+# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ if [ -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+ fi
+
echo '.'
network_pass3_done=YES
}
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index 1e49f77..e43b9d4 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $Id$
+# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ if [ -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+ fi
+
echo '.'
network_pass3_done=YES
}
diff --git a/etc/rc.firewall b/etc/rc.firewall
index 444572f..204f50c 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -1,6 +1,6 @@
############
# Setup system for firewall service.
-# $Id: rc.firewall,v 1.16 1998/02/10 01:45:47 adam Exp $
+# $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $
if [ -f /etc/rc.conf ]; then
. /etc/rc.conf
@@ -58,6 +58,15 @@ fi
$fwcmd -f flush
############
+# These rules are required for using natd. All packets are passed to
+# natd before they encounter your remaining rules. The firewall rules
+# will then be run again on each packet after translation by natd,
+# minus any divert rules (see natd(8)).
+if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ $fwcmd add divert natd all from any to any via ${natd_interface}
+fi
+
+############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# they you will want to change the default policy to open. You can also
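Review bot: The divert rule is added whenever natd_enable is YES and natd_interface is non-empty, with nothing tying it to natd actually listening on the divert port. ipfw drops packets diverted to a port with no socket bound, so if natd fails to start (or starts later in boot, as its placement in network_pass3 suggests) all traffic via that interface is discarded in the meantime. The added comment block should say so, e.g. `# If natd is not running, every packet matching this rule is dropped.` The rule also resolves the name `natd` through the etc/services entry added in this commit, so a system with an older /etc/services would presumably fail to add it.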
diff --git a/etc/rc.network b/etc/rc.network
index 1e49f77..e43b9d4 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $Id$
+# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
# Note that almost all the user-configurable behavior is no longer in
@@ -265,6 +265,14 @@ network_pass3() {
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
fi
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+ if [ -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+ fi
+
echo '.'
network_pass3_done=YES
}
diff --git a/etc/services b/etc/services
index a9be149..909ec2d 100644
--- a/etc/services
+++ b/etc/services
@@ -9,7 +9,7 @@
# Kerberos services are for Kerberos v4, and are unofficial. Sites running
# v5 should uncomment v5 entries and comment v4 entries.
#
-# $Id: services,v 1.44 1998/03/09 02:56:21 steve Exp $
+# $Id: services,v 1.45 1998/03/17 02:09:49 jseger Exp $
# From: @(#)services 5.8 (Berkeley) 5/9/91
#
# WELL KNOWN PORT NUMBERS
@@ -1652,6 +1652,7 @@ ricardo-lm 6148/tcp #Ricardo North America License Manager
ricardo-lm 6148/udp #Ricardo North America License Manager
xdsxdm 6558/tcp
xdsxdm 6558/udp
+natd 6668/divert # Network Address Translation
acmsoda 6969/tcp
acmsoda 6969/udp
afs3-fileserver 7000/tcp #file server itself