Date: Sun, 1 Jul 2001 02:28:14 -0400
From: Isaac Mushinsky <itz@mushinsky.net>
To: "freebsd-questions" <freebsd-questions@freebsd.org>
Cc: tyler spivey <tspivey8@home.com>
Subject: Re: ipfw
Message-ID: <01070102281403.73812@omsk.mushinsky.net>
On Saturday 30 June 2001 16:50, you wrote:
> please cc me since I am not on this list.
> how do i get nat on ipf?
> it says unknown keyword map.
> map rl0 10.0.0.0/24 -> 0/32
> it worked under ipfw.
> and I have natd_enable and all that in rc.conf.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
In your kernel config file you should have
options IPFIREWALL
options IPDIVERT
also possibly
options MROUTING
options IPFIREWALL_FORWARD
options IPV6FIREWALL
If not, recompile the kernel with these.
Now use ipfw. For example, I have 2 ethernet cards on the firewall: rl0 goes
to DSL modem and dc0 to another box. For a wide open diversion use
$ ipfw -f flush
$ ipfw add divert 8668 all from any to any via rl0
$ ipfw add allow all from any to any
$ /sbin/natd
To set this up on boot, here is my rc.conf:
inetd_enable="YES"
ifconfig_rl0="inet xxx.xxx.xxx.xxx netmask 255.255.255.0"	# my static IP address there
defaultrouter="xxx.xxx.xxx.1"	# gateway from my ISP
tcp_extensions="YES"
nisdomainname="NO"
network_interfaces="ppp0 rl0 dc0 lo0"
ifconfig_dc0="inet 192.168.2.100 netmask 255.255.255.0"
ipv6_enable="YES"
firewall_enable="YES"
natd_program="/sbin/natd"
natd_interface="rl0"
natd_enable="YES"
and rc.network:
/sbin/ipfw -f flush
/sbin/ipfw add divert 8668 all from any to any via rl0
/sbin/ipfw add allow all from any to any
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01070102281403.73812>
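
The rules in the message above divert through natd and then allow everything. As an added example (not part of the original message), the same divert rule can sit inside a restrictive rule set; the function name nat_ruleset and the FWCMD variable are hypothetical, and the inside network 192.168.2.0/24 is an assumption derived from the ifconfig_dc0 line.

```shell
#!/bin/sh
# Added example, not from the original message.
# FWCMD defaults to a dry run that only prints the commands; on the
# firewall itself run with FWCMD=/sbin/ipfw (hypothetical variable name).
FWCMD="${FWCMD:-echo ipfw}"

nat_ruleset() {
    oif="$1"    # outside interface (rl0 in the message)
    inet="$2"   # inside network (assumed 192.168.2.0/24, from ifconfig_dc0)

    $FWCMD -f flush
    # Loopback traffic is only valid on lo0.
    $FWCMD add allow all from any to any via lo0
    $FWCMD add deny all from any to 127.0.0.0/8
    # Inside addresses must never arrive on the outside interface.
    $FWCMD add deny all from "$inet" to any in via "$oif"
    # NAT: the same divert rule as in the message (8668 is the natd port).
    $FWCMD add divert 8668 all from any to any via "$oif"
    # Packets of established TCP connections, and IP fragments.
    $FWCMD add allow tcp from any to any established
    $FWCMD add allow all from any to any frag
    # Refuse new TCP connections arriving from the outside ...
    $FWCMD add deny tcp from any to any in via "$oif" setup
    # ... and let every other TCP connection be opened.
    $FWCMD add allow tcp from any to any setup
    # DNS, stateless: queries to port 53 and answers from port 53.
    $FWCMD add allow udp from any to any 53
    $FWCMD add allow udp from any 53 to any
    # ICMP (ping, unreachable, time exceeded).
    $FWCMD add allow icmp from any to any
    # Everything else is dropped, replacing "allow all from any to any".
    $FWCMD add deny all from any to any
}

# Dry run with the interface from the message when executed directly:
#   nat_ruleset rl0 192.168.2.0/24
```

The order matters: the anti-spoofing rule comes before the divert, and the deny for incoming setup packets comes before the general setup allow.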
