How nat is working, if natd not enable?

[sensey]

Hello I have a Free bsp server installed on one of my client´s office. I did´nt install teh server... Buy they requeste me to make some changes...


They have a Cisco router pluge in to ISP and the ethernet port conected directlly to the BSD server. Know the bsd has a second card conected to mi Lan.. I want to disable nat on the BSD an enable it on the router, but I cant find where the server is implementing the Nat.. I have search on the BSD web page but i get confused, I dont find a command that tells me where is making the nat.. I already check the NATD and rc.conf..


Any help will do.
Thanks

 

[Wishdiak]

sensey,

You state that the WAN link comes in directly to a Cisco router, and then connects directly to a dual-homed FreeBSD server. What IP addresses are assigned to the network cards on the FreeBSD server and the Cisco router?

Information about gateways and routing in FreeBSD is located at

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

Wishdiak
A+, Network+, Security+, MCSA: Security 2003

http://www.wishdiak.com

 

[sensey]

The wan has an address 65.212.221.xxx/24 and the Lan has the 10.3.14.xx /24

yes I have check al the routing tables an i know how it is routing tha packets the defaul route is the ciscos IP add... But how can I check the nat conversion or where it´s making it

Thanks

 

[Wishdiak]

sensey,

You should check /etc/rc.conf to see if natd is enabled there, and whether the second network interface's IP address is provided by DHCP.

Wishdiak
A+, Network+, Security+, MCSA: Security 2003

http://www.wishdiak.com

 

[sensey]

wishdiak, no natd it´s not enable

Here´s my rc.conf file

#ifconfig_vr0="inet 207.193.204.57 netmask 255.255.255.224"
#defaultrouter="207.193.204.33"

ifconfig_rl0="inet 10.3.14.10 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 10.3.14.1 netmask 0xffffffff"

ifconfig_rl1="inet 65.212.2XX.XXX netmask 0xfffffff0"
ifconfig_rl1_alias0="inet 65.212.2XX.XXx netmask 0xffffffff"
ifconfig_rl1_alias1="inet 65.212.2XX.XXx netmask 0xffffffff"
ifconfig_rl1_alias2="inet 65.212.2XX.XXX netmask 0xffffffff"
ifconfig_rl1_alias3="inet 65.212.2XX.XXX netmask 0xffffffff"
ifconfig_rl1_alias4="inet 65.212.2XX.XXX netmask 0xffffffff"
ifconfig_rl1_alias5="inet 65.212.2XX.XXX netmask 0xffffffff"
ifconfig_rl1_alias6="inet 65.212.2XX.XXX netmask 0xffffffff"
ifconfig_rl1_alias7="inet 65.212.2XX.XXX netmask 0xffffffff"
ifconfig_rl1_alias8="inet 65.212.2XX.XXX netmask 0xffffffff"
ifconfig_rl1_alias9="inet 65.212.2XX.XXX netmask 0xffffffff"

defaultrouter="65.212.2XX.XXX"

gateway_enable="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
saver="warp"
sshd_enable="YES"
usbd_enable="YES"

firewall_enable="YES"
firewall_type="open"

clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"
sendmail_enable="YES"
apache_enable="YES"
mysql_enable="YES"
webmin_enable="YES"
spamd_enable="YES"

named_enable="YES"
named_flags="-u bind -g bind"

static_routes="puente3a puente3b"

route_puente3a="-net 192.168.35.0/16 10.3.14.143"
route_puente3b="-net 65.212.2XX.XXX/30 10.3.14.143"


I change the IP add numbers for XXX just for security purposes..

Thanks

 

[marsd]

There are three firewall implementations(at least) for
*bsd and all support nat. Check to see if you have pf
installed and see this page:

http://www.openbsd.org/faq/pf/nat.html

Also look at your /etc/defaults/rc.conf and
see what the default settings are for FW, etc..