From owner-freebsd-questions@FreeBSD.ORG  Wed Mar 19 21:22:19 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8DF7B1065671
	for <questions@freebsd.org>; Wed, 19 Mar 2008 21:22:19 +0000 (UTC)
	(envelope-from roberthuff@rcn.com)
Received: from smtp02.lnh.mail.rcn.net (smtp02.lnh.mail.rcn.net
	[207.172.157.102])
	by mx1.freebsd.org (Postfix) with ESMTP id 390528FC19
	for <questions@freebsd.org>; Wed, 19 Mar 2008 21:22:19 +0000 (UTC)
	(envelope-from roberthuff@rcn.com)
Received: from mr08.lnh.mail.rcn.net ([207.172.157.28])
	by smtp02.lnh.mail.rcn.net with ESMTP; 19 Mar 2008 17:22:18 -0400
Received: from smtp01.lnh.mail.rcn.net (smtp01.lnh.mail.rcn.net [207.172.4.11])
	by mr08.lnh.mail.rcn.net (MOS 3.8.6-GA) with ESMTP id JUH31339;
	Wed, 19 Mar 2008 17:22:18 -0400 (EDT)
Received: from 209-6-22-188.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com (HELO
	jerusalem.litteratus.org.litteratus.org) ([209.6.22.188])
	by smtp01.lnh.mail.rcn.net with ESMTP; 19 Mar 2008 17:23:25 -0500
From: Robert Huff <roberthuff@rcn.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <18401.33813.132534.954227@jerusalem.litteratus.org>
Date: Wed, 19 Mar 2008 17:22:29 -0400
To: Christopher Cowart <ccowart@rescomp.berkeley.edu>
In-Reply-To: <20080319205600.GJ39509@hal.rescomp.berkeley.edu>
References: <18401.29043.824662.173177@jerusalem.litteratus.org>
	<18401.30778.630307.932644@jerusalem.litteratus.org>
	<18401.31783.343088.197533@jerusalem.litteratus.org>
	<20080319205600.GJ39509@hal.rescomp.berkeley.edu>
X-Mailer: VM 7.17 under 21.5  (beta28) "fuki" XEmacs Lucid
X-Junkmail-Whitelist: YES (by domain whitelist at mr08.lnh.mail.rcn.net)
Cc: questions@freebsd.org
Subject: Re: (more) confusion configuring NAT
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2008 21:22:19 -0000


Christopher Cowart writes:

>  > 	2) NAT still doesn't work.  Still connected, but can't surf to
>  > www.google.com using Firefox.
>  
>  My kernel conf:
>  | options IPFIREWALL
>  | options IPFIREWALL_VERBOSE
>  | options IPFIREWALL_VERBOSE_LIMIT=100
>  | options IPFIREWALL_FORWARD
>  | options IPFIREWALL_NAT
>  | options LIBALIAS

	I do not have "options IPFIREWALL_FORWARD" (it's commented out)
because the attached comment says:

	enable xparent proxy support

	Since that machine doesn't do proxy ... is this necessary?


>  My (abbreviated) ipfw.rules script:
>  | /sbin/ipfw -q nat 1 config if vlan98 log reset unreg_only same_ports
>  | $CMD allow all from any to any via lo0
>  | $CMD nat 1 ip4 from any to any
>  | $CMD allow icmp from any to any
>  | $CMD deny log ip from any to me
>  | $CMD allow ip4 from any to any

	Not an ipfw guru, but don't see anything that contradicts what
I have.


				Robert Huff