1. Build the kernel
Edit the kernel configuration file and add the following lines:
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=5
Rebuild the kernel.
2. Configure the startup settings
vi /etc/rc.conf
gateway_enable="YES"
hostname="gateway.bsdart.org"
ifconfig_em1="inet 192.168.0.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="UNKNOWN"
firewall_script="/etc/ipfw.rules"
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="adsl"
natd_enable="YES"
natd_interface="tun0"
natd_flags=""
3. Edit the firewall rules
vi /etc/ipfw.rules
#!/bin/sh
oif="tun0"
iif="em1"
fwcmd="/sbin/ipfw -q add"
valid_tcpport="22, 80"
/sbin/ipfw -q -f flush
$fwcmd 0100 allow all from any to any via $iif
$fwcmd 0110 allow all from any to any via lo0
$fwcmd 0200 check-state
$fwcmd 1000 allow all from any to any out via $oif keep-state
$fwcmd 1100 allow tcp from any to me $valid_tcpport in via $oif setup keep-state
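Added example (not part of the original post): an offline check of what the rules above expose on the external interface. The function names (write_sample_rules, expand_rules, inbound_rules, check_exposure) are hypothetical, and the embedded rules are a constructed copy of the script above.

```shell
# Added example: offline audit of an ipfw rules script (no firewall access).
# Constructed sample: the section 3 rules, written to file $1.
write_sample_rules() {
cat > "$1" <<'EOF'
#!/bin/sh
oif="tun0"
iif="em1"
fwcmd="/sbin/ipfw -q add"
valid_tcpport="22, 80"
/sbin/ipfw -q -f flush
$fwcmd 0100 allow all from any to any via $iif
$fwcmd 0110 allow all from any to any via lo0
$fwcmd 0200 check-state
$fwcmd 1000 allow all from any to any out via $oif keep-state
$fwcmd 1100 allow tcp from any to me $valid_tcpport in via $oif setup keep-state
EOF
}

# Dry run: rewrite every /sbin/ipfw call to echo so sh expands $fwcmd, $oif,
# etc. and prints the final rules. Other commands in the script still run.
expand_rules() {
    sed 's|/sbin/ipfw|echo ipfw|g' "$1" | sh
}

# Print "rule-number ports stateful|stateless" for each allow rule that
# accepts inbound traffic on external interface $2.
inbound_rules() {
    expand_rules "$1" | awk -v wan="$2" '
        $3 == "add" && / allow / && $0 ~ (" in via " wan "( |$)") {
            ports = $0
            sub(/.* to (me|any) */, "", ports); sub(/ *in via.*/, "", ports)
            gsub(/[ \t]/, "", ports)
            print $4, (ports == "" ? "all" : ports), (/keep-state/ ? "stateful" : "stateless")
        }'
}

# Return 1 if an inbound rule opens a port outside allowlist $3 (comma
# separated) or lacks keep-state; print one line per finding.
check_exposure() {
    inbound_rules "$1" "$2" | awk -v allowed="$3" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $3 != "stateful" { print "rule " $1 ": no keep-state"; bad = 1 }
        { m = split($2, p, ",")
          for (i = 1; i <= m; i++)
              if (!(p[i] in ok)) { print "rule " $1 ": unexpected port " p[i]; bad = 1 } }
        END { exit bad + 0 }'
}

rules=$(mktemp) && write_sample_rules "$rules"
inbound_rules "$rules" tun0; rm -f "$rules"   # prints: 1100 22,80 stateful
```

Run check_exposure against /etc/ipfw.rules with the ports you intend to publish before reloading the firewall; a non-zero exit means the script opens something outside that list.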
4. Edit the ADSL dial-up settings
vi /etc/ppp/ppp.conf
adsl:
 set device PPPoE:em0
 set mru 1492
 set mtu 1492
 set authname **********
 set authkey **********
 set dial
 set login
 add default HISADDR
 enable dns
 set timeout 0
 set redial 3 5
 set reconnect 5 10000
 set cd 5
Once everything is configured, reboot the server.
At this point, NAT Internet access for the LAN is working.
I just happened to land on this blog and it is a properly written read, a little bit on the short side, but a pretty acceptable one.
I definitely adore the layout too, it is altogether easy to navigate.