From owner-freebsd-current@FreeBSD.ORG  Tue Jan  6 09:35:39 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4E0EB16A4E7
	for <freebsd-current@freebsd.org>;
	Tue,  6 Jan 2004 09:35:39 -0800 (PST)
Received: from www.kukulies.org (www.kukulies.org [213.146.112.180])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3356843D2F
	for <freebsd-current@freebsd.org>;
	Tue,  6 Jan 2004 09:35:37 -0800 (PST)
	(envelope-from kuku@www.kukulies.org)
Received: from www.kukulies.org (localhost [127.0.0.1])
	by www.kukulies.org (8.12.10/8.12.10) with ESMTP id i06HZYQh082396
	for <freebsd-current@freebsd.org>;
	Tue, 6 Jan 2004 18:35:34 +0100 (CET)
	(envelope-from kuku@www.kukulies.org)
Received: (from kuku@localhost)
	by www.kukulies.org (8.12.10/8.12.10/Submit) id i06HZYk4082395
	for freebsd-current@freebsd.org; Tue, 6 Jan 2004 18:35:34 +0100 (CET)
	(envelope-from kuku)
Date: Tue, 6 Jan 2004 18:35:34 +0100 (CET)
From: "C. Kukulies" <kuku@www.kukulies.org>
Message-Id: <200401061735.i06HZYk4082395@www.kukulies.org>
To: freebsd-current@freebsd.org
X-Mailman-Approved-At: Wed, 07 Jan 2004 05:14:32 -0800
Subject: IPDIVERT IPFIREWALL
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jan 2004 17:35:39 -0000

Just a question: Are IPDIVERT and IPFIREWALL still valid options to enable
NAT and firewall in the kernel or have they been deprecated.

Just built a kernel with these options and it always gives 
permission denied when I want to ping to some address.

Could someone give me a short advice which way to go with the following
configuration:


Internet--------DSL--------FreeBSD gateway------Wlan ((((((((( 192.168.254.x
                           pppoe with -nat option
                                |
                                |
                             LAN 192.168.0.x
                                |
                                | 
                         other machines that want to
                         use e.g. port 16967-16969 (squidcam)


I have no firewall active at present. NAT to the WLAN works fine.
But when I want to do also NAT to the LAN, I wonder what the way to go would be
best?

Run natd? Do it just by rc.firewall?


--
Chris Christoph P. U. Kukulies kuku_at_physik.rwth-aachen.de