Message-Id: <200201090936.g099anF24363@freefall.freebsd.org>
Date: Wed, 9 Jan 2002 01:36:49 -0800 (PST)
From: Saurabh Gupta <saurabh_gupta77@yhoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: a very minor documentation error
X-Send-Pr-Version: www-1.0

>Number:         33724
>Category:       docs
>Synopsis:       [patch] fix Handbook error about Advanced Networking
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    remko
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 09 01:40:02 PST 2002
>Closed-Date:    Mon Dec 26 19:34:12 GMT 2005
>Last-Modified:  Mon Dec 26 19:34:12 GMT 2005
>Originator:     Saurabh Gupta
>Release:        4.4 stable
>Organization:
Mx
>Environment:
FreeBSD kashmir.etowns.net 4.4-RELEASE FreeBSD 4.4-RELEASE #3: Sun Jan  6 06:33:49 PST 2002     root@kashmir.etowns.net:/usr/obj/usr/src/sys/MYKERNEL  i386

>Description:
In the FreeBSD Handbook, 
Please refer to chapter 17 "Advanced Networking"
Section 11.2, "Network Address Translation - Setup", paragraph no. 3
(i.e., handbook -> 17.11.2, paragraph 3)



It states (and I quote) "This gateway machine must have two NICs--one for
connecting to the Internet router, the other connecting to a LAN".  (end quote)

 
This is inaccurate; the least you need for NAT is just one NIC
and a dumb hub connected to it, with the incoming gateway/router also
connected to this same hub. The NIC in the FreeBSD box should have 2
aliases, one being the original IP address and the other a server for
the local LAN in one of the allowed ranges, e.g. (192.168.0.1 ......)

The configuration is also mostly the same, except one ought not use
in /etc/rc.conf
	natd_interface="fxp0"
instead natd_flags should be used.
	natd_flags=" -alias_address <the original ip assigned to you by the isp> <also any other flags you might like>"
mine looks like
natd_flags=" -use_sockets -same_ports -unregistered_only -alias_address 1.2.3.4"
*************
but this also breaks the /etc/rc.network script so I tweaked it a lil bit 
*************
the diff looks as follows :
myprompt# diff rc.network1 rc.network2
296c296
< echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} 
---
> echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
>
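
Review bot: The hunk at line 296 runs in the opposite direction to the description: the "<" side (rc.network1) has no ${natd_ifarg} and the ">" side (rc.network2) has it, so applied as shown it adds the argument rather than removing it. Regenerating the diff with the original file first, ideally as a unified diff (diff -u), would make the intended change unambiguous. The trailing bare ">" line also does not fit a one-line change (296c296) and should be dropped or explained.
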
basically remove the last argument for the natd daemon.

oh yeah I also had to change a line in my /etc/rc.firewall :

#                       ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
                        ${fwcmd} add 50 divert natd all from any to any via 1.2.3.4 
#
here 1.2.3.4 is my actual IP, but in hindsight I don't think this change is necessary, don't remember why I did it. Try it without but keep it as a fallback.

Also, as mentioned above, an alias is required; following is a sample
ifconfig_rl0_alias0="inet 192.168.0.1 netmask 255.255.255.0"
rl0 should be replaced with the interface name of your NIC
"use ifconfig to find that out, also see the man"
Be sure to follow all the other information in the handbook (section 17.11.2)

It can be argued that this could be a cause for slow net activity
because in reality all packets that are going out are written twice on the hub,
once when the FreeBSD gateway reads it and then when it spews it back out for
the router, but hey, I figured that I was using DSL with a maximum speed of
1.5mbps whereas the local LAN has a cutoff over 10/100 mbps on ethernet so .....
So far I have about 5 computers running this way and have yet to see a degradation
in quality or speed.

Necessity:
It could be used for setting up a little local network without investing
in another NIC (sounds really cheap, 10 bucks and I would have gotten a new NIC,
well, I added 20 more bucks and spent that on getting FreeBSD rather than
downloading, worthwhile choice I must endorse) or whatever new interface the future
brings to us


NETWORK DIAGRAM
    
    +-------------------+                       +--------+
    |FreeBSD natd-gate  |                       |   HUB  |
    |outside IP on NIC1 |                       |        |
    |alias 192.168.0.1  |NIC1-------------------+=       |
    |to NIC1 with  net- |                       |        |
    |-mask 255.255.255.0|                       |        |
    +-------------------+                       |        |
                               +----------------+=       |
    +-------------------+      |                |        |
    | 192.168.0.5       |      |                |        |
    | gateway           |------+                |        |
    |   192.168.0.1     |                       |        |
    +-------------------+          +------------+=       |
                                   |            |        |
    +-------------------+          |            |        |
    | 192.168.0.6       |          |            |        |
    |  gateway          |----------+            |        |
    |    192.168.0.1    |                       |        |
    +-------------------+              +--------+=       |
                                       |        |        |   
    +-------------------+              |        |        |
    |  192.168.0.4      |--------------+        |        |
    |   gateway         |                  +----+=       |
    |     192.168.0.1   |                  |    |        |
    +-------------------+                  |    +--------+
                                           |
    +-------------------+                  |
    | HAS TO BE         +------------------+
    | NOTHING REALLY    |
    | in my case it is  |
    | an unconfigurable |
    | gateway DSL       +===================================>INTERNET<
    +-------------------+
    



That's about all I had to do. If anyone has a question feel free to email me.
saurabh_gupta77@yahoo.com



>How-To-Repeat:
see the description
>Fix:
see the description
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-doc 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Wed Jan 9 04:41:17 PST 2002 
Responsible-Changed-Why:  
Mis-filed PR. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=33724 
Responsible-Changed-From-To: freebsd-doc->chern 
Responsible-Changed-By: chern 
Responsible-Changed-When: Thu Jan 10 13:09:34 PST 2002 
Responsible-Changed-Why:  
I'll take care of getting this into the doc tree. 

Responsible-Changed-From-To: chern->freebsd-doc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Sep 13 05:50:40 GMT 2004 
Responsible-Changed-Why:  
With bugmeister hat on, reassign from recently inactive committer. 

State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Mon Dec 26 19:31:42 UTC 2005 
State-Changed-Why:  
I added a little note about this that the example will
only focus on machines with at least two NICs. Although
I really appreciate it that you think along, I do not
think we should have this information in the handbook.
People that are willing to apply this should consider
a lot more than just connect it. For example the
security risks which are involved etc.  And then
again, the prices of NICs are even lower today
so, people are better off buying an extra NIC so they
can communicate with the internet with a 'standardized'
setup.

With this explanation; close the PR. Thanks for
the submission though!


Responsible-Changed-From-To: freebsd-doc->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Mon Dec 26 19:31:42 UTC 2005 
Responsible-Changed-Why:  
Let feedback be pushed back to me so that we might be 
able to do something with it. 

>Unformatted:
