From owner-freebsd-questions@FreeBSD.ORG Sat Sep 11 02:57:44 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E18C16A4CE for ; Sat, 11 Sep 2004 02:57:44 +0000 (GMT) Received: from mproxy.gmail.com (mproxy.gmail.com [216.239.56.248]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B22443D54 for ; Sat, 11 Sep 2004 02:57:44 +0000 (GMT) (envelope-from dlemire@gmail.com) Received: by mproxy.gmail.com with SMTP id x71so143276cwb for ; Fri, 10 Sep 2004 19:57:44 -0700 (PDT) Received: by 10.11.122.22 with SMTP id u22mr153353cwc; Fri, 10 Sep 2004 19:57:44 -0700 (PDT) Received: by 10.11.100.62 with HTTP; Fri, 10 Sep 2004 19:57:44 -0700 (PDT) Message-ID: <32e9a1d04091019577dc83b3d@mail.gmail.com> Date: Fri, 10 Sep 2004 20:57:44 -0600 From: Denis Lemire To: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: NAT/DIVERT Issues in 5.2.1 Release X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Denis Lemire List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Sep 2004 02:57:44 -0000 I've just completed a frustrating day of attempting to get nat working on 5.2.1 RELEASE. I've very familiar with using FreeBSD as a nat enabled Internet gateway, I have set this up on many machines with prior versions. I've compiled my kernel with the ip divert and firewall options needed. I have enabled the firewall and natd in my rc.conf, and have (for now) set firewall type to open and gateway_enable="yes". The setup simply won't work, the appropriate rules are in the firewall, and the natd daemon is running. The main thing I find that doesn't make sense is running "ipfw -a l" lists the divert rule but its values are zeroed out such that it has been used. Is there an issue with nat on 5.2.1-RELEASE? I've even tried compiling a kernel from cvsup (5.2.1-RELEASE-p9 I believe). Any suggestions on where I might have messed this up would be excellent.