From owner-freebsd-questions@FreeBSD.ORG  Wed Jun 14 04:16:48 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7D75C16A474
	for <questions@freebsd.org>; Wed, 14 Jun 2006 04:16:48 +0000 (UTC)
	(envelope-from dennisolvany@gmail.com)
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 09CFE43D46
	for <questions@freebsd.org>; Wed, 14 Jun 2006 04:16:47 +0000 (GMT)
	(envelope-from dennisolvany@gmail.com)
Received: by wr-out-0506.google.com with SMTP id i31so34616wra
	for <questions@freebsd.org>; Tue, 13 Jun 2006 21:16:47 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding;
	b=FXbX5oEK1UdyZG9rOEGw1dZEBmsXe6Ak8Zd2SxIs95+QzpxQkPPwJ+aF+X8hKdT8QA2XL011VjTAA3IF8EK5qxMVfDaj116SERYnVpoHC3LJ54BdEnux9EC4U4GgUAcVWia6cBXOK/TYtPUQUp1XqGXlZtUnb7YBMY0TnFavPrs=
Received: by 10.54.65.9 with SMTP id n9mr288054wra;
	Tue, 13 Jun 2006 21:16:47 -0700 (PDT)
Received: from ?195.16.87.34? ( [195.16.87.34])
	by mx.gmail.com with ESMTP id g2sm140051wra.2006.06.13.21.16.45;
	Tue, 13 Jun 2006 21:16:47 -0700 (PDT)
Message-ID: <448F8DA1.4080605@gmail.com>
Date: Tue, 13 Jun 2006 23:16:33 -0500
From: Dennis Olvany <dennisolvany@gmail.com>
User-Agent: Thunderbird 1.5 (X11/20060211)
MIME-Version: 1.0
To: regi@via-rs.net
References: <28713720.541071150205688169.JavaMail.tomcat@peto>
In-Reply-To: <28713720.541071150205688169.JavaMail.tomcat@peto>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: questions@FreeBSD.org
Subject: Re: FreeBSD firewall, nat, kernel
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jun 2006 04:16:48 -0000

 From a fresh install, a working nat should only require a few commands. 
Kernel compilation is not necessary.

kldload ipfw
kldload ipdivert
sysctl net.inet.ip.forwarding=1
dhclient xl0
natd -dynamic -n xl0
ipfw add divert natd ip from any to any via xl0
ipfw add allow ip from any to any
ifconfig rl0 192.168.100.253/24

To make the config permanent, you just need to use the rc equivalents of 
those commands.

/etc/rc.conf

firewall_enable="yes"
firewall_type="/etc/ipfw.rules"
gateway_enable="yes"
ifconfig_xl0="dhcp"
ifconfig_rl0="192.168.100.253/24"
natd_enable="yes"
natd_interface="xl0"

/etc/ipfw.rules

add divert natd ip from any to any via xl0
add allow ip from any to any