Pongthep Kulkrisada wrote: > * Manolis Kiagias ([EMAIL PROTECTED]) wrote: > >> This worked fine for me, although I prefer to use pf. Here is how I >> setup pf (Adjust for your interfaces as necessary) >> >> My Internet interface is rl0, setup in rc.conf as: >> >> ifconfig_rl0="inet 192.168.0.100 netmask 255.255.255.0" >> >> My local interface is rl1, setup in rc.conf as: >> >> ifconfig_rl1="inet 192.168.1.100 netmask 255.255.255.0" >> > 3. I haven't mentioned that I can't use this configuration. I have 2 > interfaces i.e. public and private LAN. But I have only one NIC card for > private LAN. I don't have NIC card for public. I'm using 56k modem to > connect the outside world. I think I can't add > > ifconfig_tun0="inet 192.168.0.100 netmask 0xffffff00" >
You won't of course put this in rc.conf. However AFAIK tun0 is *still* a network interface and can appear in firewall rules. So the PF method I described should work, tun0 is considered the "external" network interface, the rule would be: nat pass on tun0 from rl1:network to any -> (tun0) where rl1 would be the internal interface. Needless to say, I have no way of testing the above as I don't have a modem. Since obviously you want to use ipfw, I still suggest you go by the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html First, make sure Internet works normally on your FreeBSD host. Then apply the above instructions. The example in the handbook shows a line: natd_interface="fxp0" which in your case would be: natd_interface="tun0" It seems you already have these settings though, so I would review the Handbook instructions and remove anything else from the configuration which does not appear there. Once things are working, go back and add firewall rules etc. Handbook instructions worked for me (with two ethernet cards though) "out of the box". _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"