author | brian <brian@FreeBSD.org> | 1998-04-18 10:27:19 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1998-04-18 10:27:19 +0000 |
commit | 116081d5f2f15798830c767e3781af1616223bfd (patch) | |
tree | 9c095639cbce82611f5e81abcc048add726ccb6a /etc | |
parent | 4b10a4573603b76939c2ca43c0443bf63e8ba079 (diff) | |
Add natd support.
PR: 6339
Submitted by: cdillon@wolves.k12.mo.us
Diffstat (limited to 'etc')
-rw-r--r-- | etc/network.subr | 10 | ||||
-rw-r--r-- | etc/rc.conf | 5 | ||||
-rw-r--r-- | etc/rc.d/netoptions | 10 | ||||
-rw-r--r-- | etc/rc.d/network1 | 10 | ||||
-rw-r--r-- | etc/rc.d/network2 | 10 | ||||
-rw-r--r-- | etc/rc.d/network3 | 10 | ||||
-rw-r--r-- | etc/rc.d/routing | 10 | ||||
-rw-r--r-- | etc/rc.firewall | 11 | ||||
-rw-r--r-- | etc/rc.network | 10 | ||||
-rw-r--r-- | etc/services | 3 |
10 files changed, 79 insertions, 10 deletions
diff --git a/etc/network.subr b/etc/network.subr index 1e49f77..e43b9d4 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id$ +# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -265,6 +265,14 @@ network_pass3() { if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + if [ -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + fi + echo '.' network_pass3_done=YES } diff --git a/etc/rc.conf b/etc/rc.conf index eb537f3..a18aa3c 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -6,7 +6,7 @@ # # All arguments must be in double or single quotes. # -# $Id$ +# $Id: rc.conf,v 1.44 1998/04/12 09:47:41 markm Exp $ ############################################################## ### Important initial Boot-time options ##################### @@ -31,6 +31,9 @@ nisdomainname="NO" # Set to NIS domain if using NIS (or NO). firewall_enable="NO" # Set to YES to enable firewall functionality firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display +natd_enable="NO" # Enable natd (if firewall_enable == YES). +natd_interface="fxp0" # Public interface to use with natd. +natd_flags="" # Additional flags for natd. tcp_extensions="YES" # Allow RFC1323 & RFC1644 extensions (or NO). network_interfaces="lo0" # List of network interfaces (lo0 is loopback). ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index 1e49f77..e43b9d4 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id$ +# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $ # 
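Review bot: The inner test in the second etc/network.subr hunk, `if [ -a "X${firewall_enable}" = X"YES" ]; then`, starts with a stray `-a`, so `[` receives four arguments led by a binary operator and the result is an error or unspecified behaviour rather than a string comparison; as written natd is unlikely to start even when both knobs are YES. Dropping the operator gives `if [ "X${firewall_enable}" = X"YES" ]; then`, or the condition can be folded into the outer test. `${natd_interface}` is also passed unquoted to `natd -n`; writing `"${natd_interface}"` keeps a value containing whitespace from turning into extra natd arguments (natd_flags has to stay unquoted so it splits into flags). The same lines appear in the etc/rc.network hunk and in the etc/rc.d/netoptions, network1, network2, network3 and routing hunks, and network_pass3 begins outside the hunk.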
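Review bot: The default `natd_interface="fxp0"` in the second etc/rc.conf hunk names one specific NIC driver, so the `"X${natd_interface}" != X""` guards in the startup scripts never fire for an administrator who only sets natd_enable to YES. On a host whose public interface is not fxp0, that would point the divert rule and natd at a missing or wrong interface, possibly the internal one. An empty default, `natd_interface=""	# Public interface to use with natd (required).`, would make the guard meaningful and force an explicit choice.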
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -265,6 +265,14 @@ network_pass3() { if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + if [ -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + fi + echo '.' network_pass3_done=YES } diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index 1e49f77..e43b9d4 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id$ +# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -265,6 +265,14 @@ network_pass3() { if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + if [ -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + fi + echo '.' network_pass3_done=YES } diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index 1e49f77..e43b9d4 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id$ +# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -265,6 +265,14 @@ network_pass3() { if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + if [ -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + fi + echo '.' network_pass3_done=YES } 
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index 1e49f77..e43b9d4 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id$ +# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -265,6 +265,14 @@ network_pass3() { if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + if [ -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + fi + echo '.' network_pass3_done=YES } diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 1e49f77..e43b9d4 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id$ +# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -265,6 +265,14 @@ network_pass3() { if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + if [ -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + fi + echo '.' network_pass3_done=YES } diff --git a/etc/rc.firewall b/etc/rc.firewall index 444572f..204f50c 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -1,6 +1,6 @@ ############ # Setup system for firewall service. -# $Id: rc.firewall,v 1.16 1998/02/10 01:45:47 adam Exp $ +# $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $ if [ -f /etc/rc.conf ]; then . /etc/rc.conf 
@@ -58,6 +58,15 @@ fi $fwcmd -f flush ############ +# These rules are required for using natd. All packets are passed to +# natd before they encounter your remaining rules. The firewall rules +# will then be run again on each packet after translation by natd, +# minus any divert rules (see natd(8)). +if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + $fwcmd add divert natd all from any to any via ${natd_interface} +fi + +############ # If you just configured ipfw in the kernel as a tool to solve network # problems or you just want to disallow some particular kinds of traffic # they you will want to change the default policy to open. You can also diff --git a/etc/rc.network b/etc/rc.network index 1e49f77..e43b9d4 100644 --- a/etc/rc.network +++ b/etc/rc.network @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id$ +# $Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -265,6 +265,14 @@ network_pass3() { if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + if [ -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + fi + echo '.' network_pass3_done=YES } diff --git a/etc/services b/etc/services index a9be149..909ec2d 100644 --- a/etc/services +++ b/etc/services @@ -9,7 +9,7 @@ # Kerberos services are for Kerberos v4, and are unofficial. Sites running # v5 should uncomment v5 entries and comment v4 entries. # -# $Id: services,v 1.44 1998/03/09 02:56:21 steve Exp $ +# $Id: services,v 1.45 1998/03/17 02:09:49 jseger Exp $ # From: @(#)services 5.8 (Berkeley) 5/9/91 # # WELL KNOWN PORT NUMBERS 
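Review bot: The divert rule added in the second etc/rc.firewall hunk is conditioned only on natd_enable and natd_interface, while natd itself is started elsewhere (network_pass3) under an additional firewall_enable test. If natd fails to start or later exits, every packet via ${natd_interface} is still diverted to a port with no listener, which as far as I know ipfw drops, so the public interface goes dark instead of falling through to the remaining rules. A comment stating this would help, e.g. `# NOTE: with this rule loaded and natd not running, traffic via ${natd_interface} is dropped.`, and the expansion should be quoted as `"${natd_interface}"`. The rule is also added without a rule number, so its first-in-ruleset position depends on it staying directly after `$fwcmd -f flush`.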
@@ -1652,6 +1652,7 @@ ricardo-lm 6148/tcp #Ricardo North America License Manager ricardo-lm 6148/udp #Ricardo North America License Manager xdsxdm 6558/tcp xdsxdm 6558/udp +natd 6668/divert # Network Address Translation acmsoda 6969/tcp acmsoda 6969/udp afs3-fileserver 7000/tcp #file server itself |