From owner-freebsd-current@FreeBSD.ORG Wed Jan 7 05:41:55 2004
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EBB1716A4CE for ; Wed, 7 Jan 2004 05:41:55 -0800 (PST)
Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27C8F43D55 for ; Wed, 7 Jan 2004 05:41:54 -0800 (PST) (envelope-from veldy@veldy.net)
Received: from veldy.net (fuggle.veldy.net [209.98.200.33]) by corb.mc.mpls.visi.com (Postfix) with ESMTP id AC86F8330; Wed, 7 Jan 2004 07:41:53 -0600 (CST)
Received: from localhost (localhost [127.0.0.1]) by veldy.net (Postfix) with ESMTP id 0E5BB15A0C; Wed, 7 Jan 2004 07:41:53 -0600 (CST)
Received: from 4K3500B (localhost [127.0.0.1]) by veldy.net (Postfix) with SMTP id D2BFC15A00; Wed, 7 Jan 2004 07:41:50 -0600 (CST)
Message-ID: <002a01c3d524$011ea3b0$d037630a@nic.target.com>
From: "Thomas T. Veldhouse"
To: "C. Kukulies" ,
References: <200401061735.i06HZYk4082395@www.kukulies.org>
Date: Wed, 7 Jan 2004 07:41:50 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Virus-Scanned: by amavisd 0.1
Subject: Re: IPDIVERT IPFIREWALL
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 07 Jan 2004 13:41:56 -0000

C. Kukulies wrote:
> Just a question: Are IPDIVERT and IPFIREWALL still valid options to
> enable NAT and firewall in the kernel, or have they been deprecated?
>
> Just built a kernel with these options and it always gives
> permission denied when I want to ping some address.
>
> Could someone give me some short advice on which way to go with the
> following configuration:
>
>
> Internet--------DSL--------FreeBSD gateway------Wlan (((((((((  192.168.254.x
>                             pppoe with -nat option
>                                 |
>                                 |
>                            LAN 192.168.0.x
>                                 |
>                                 |
>                       other machines that want to
>                       use e.g. port 16967-16969 (squidcam)
>
>
> I have no firewall active at present. NAT to the WLAN works fine.
> But when I also want to do NAT to the LAN, I wonder which way to
> go would be best?
>
> Run natd? Do it just by rc.firewall?

The default for firewall rules is to deny all traffic. There are two ways
around this. You can enable the firewall, or you can default the rules to
accept by building the option IPFIREWALL_DEFAULT_TO_ACCEPT into your kernel
(not recommended). Take a look at /etc/rc.firewall for more information
..... RTM

Tom Veldhouse
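The reply's first route, enabling the firewall with an explicit ruleset rather than compiling in IPFIREWALL_DEFAULT_TO_ACCEPT, looks like this for the topology in the question. This is an added example, not code from the thread or from the FreeBSD tree: it generates a custom ruleset file of the kind rc.firewall hands to ipfw(8) when firewall_type names a file, with NAT done by natd via a divert rule on the DSL link. The interface names (tun0, fxp0, wi0) and the exact WLAN network are assumptions; the kernel options and rc.conf variables are the standard ones from ipfw(8) and rc.conf(5).

```shell
#!/bin/sh
# Added example (not from the thread or the FreeBSD tree): an explicit ipfw
# ruleset for a DSL gateway with a wired LAN and a WLAN behind natd.
# Interface names tun0/fxp0/wi0 and the WLAN network are assumptions.
#
# Kernel: options IPFIREWALL, IPFIREWALL_VERBOSE and IPDIVERT, without
# IPFIREWALL_DEFAULT_TO_ACCEPT; the last rule below is the explicit default.
#
# /etc/rc.conf (variables documented in rc.conf(5)):
#   gateway_enable="YES"
#   firewall_enable="YES"
#   firewall_type="/etc/ipfw.rules"   # rc.firewall passes a file name to ipfw(8)
#   natd_enable="YES"
#   natd_interface="tun0"
# If natd translates for both networks, drop ppp's own -nat option so
# packets are not translated twice.

ext_if="tun0"                 # pppoe link (assumed name)
lan_if="fxp0"                 # wired LAN, 192.168.0.x (assumed name)
wlan_if="wi0"                 # WLAN, 192.168.254.x (assumed name)
lan_net="192.168.0.0/24"
wlan_net="192.168.254.0/24"   # assumed netmask

# One rule per line in the syntax ipfw(8) reads from a file (no leading "ipfw").
rule() { echo "add $*"; }

build_rules() {
    echo "flush"
    # loopback, and nothing on the wire pretending to be loopback
    rule 100 allow ip from any to any via lo0
    rule 200 deny ip from any to 127.0.0.0/8
    rule 300 deny ip from 127.0.0.0/8 to any
    # hand every packet crossing the DSL link to natd; the translated
    # packet re-enters the ruleset at the next rule
    rule 1000 divert natd ip from any to any via "$ext_if"
    # replies belonging to TCP sessions already set up
    rule 2000 allow tcp from any to any established
    # the inside networks may start anything outbound
    rule 3000 allow ip from "$lan_net" to any in via "$lan_if"
    rule 3100 allow ip from "$wlan_net" to any in via "$wlan_if"
    rule 3200 allow ip from any to any out via "$ext_if"
    # DNS answers coming back over the DSL link
    rule 4000 allow udp from any 53 to any in via "$ext_if"
    # translated replies delivered to the inside networks
    rule 4100 allow ip from any to "$lan_net" out via "$lan_if"
    rule 4200 allow ip from any to "$wlan_net" out via "$wlan_if"
    # echo/reply and the usual error types, so ping works (the symptom
    # in the question)
    rule 5000 allow icmp from any to any icmptypes 0,3,8,11
    # explicit default: deny and log, instead of IPFIREWALL_DEFAULT_TO_ACCEPT
    rule 65000 deny log ip from any to any
}

# Sanity check on the generated ruleset: it must divert to natd on the
# external link and finish with an explicit deny. Returns 0 when both hold.
check_rules() {
    rules=$(build_rules)
    echo "$rules" | grep -q "^add 1000 divert natd .* via $ext_if\$" || return 1
    echo "$rules" | tail -n 1 | grep -q "^add 65000 deny log ip from any to any\$" || return 1
    return 0
}

# Usage: review the output, then write and load it:
#   build_rules > /etc/ipfw.rules && ipfw -q /etc/ipfw.rules
```

Run the script once to produce /etc/ipfw.rules, point firewall_type at that file, and the deny at rule 65000 is what the box falls through to, which is the same outcome as the kernel default but visible, logged and editable in one place.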