Date: Wed, 14 Jun 2006 00:29:14 -0400
From: "David Stanford" <dthomas53@gmail.com>
To: "Dennis Olvany" <dennisolvany@gmail.com>
Cc: regi@via-rs.net, questions@freebsd.org
Subject: Re: FreeBSD firewall, nat, kernel
Message-ID: <f2c91f770606132129tc1c073dgc73f4d88bf577c8f@mail.gmail.com>
In-Reply-To: <448F8DA1.4080605@gmail.com>
References: <28713720.541071150205688169.JavaMail.tomcat@peto> <448F8DA1.4080605@gmail.com>

On 6/14/06, Dennis Olvany <dennisolvany@gmail.com> wrote:
>
> From a fresh install, a working nat should only require a few commands.
> Kernel compilation is not necessary.

I personally don't use the NAT function in my IPFW config, and thus just
reverted to the handbook... *cough*, excuse me... bible for the information.
Though, if this is the case you should probably submit a PR to the docs team
to avoid future confusion. :)

> kldload ipfw
> kldload ipdivert
> sysctl net.inet.ip.forwarding=1
> dhclient xl0
> natd -dynamic -n xl0
> ipfw add divert natd ip from any to any via xl0
> ipfw add allow ip from any to any
> ifconfig rl0 192.168.100.253/24
>
> To make the config permanent, you just need to use the rc equivalents of
> those commands.
>
> /etc/rc.conf
>
> firewall_enable="yes"
> firewall_type="/etc/ipfw.rules"
> gateway_enable="yes"
> ifconfig_xl0="dhcp"
> ifconfig_rl0="192.168.100.253/24"
> natd_enable="yes"
> natd_interface="xl0"
>
> /etc/ipfw.rules
>
> add divert natd ip from any to any via xl0
> add allow ip from any to any
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

-David

--
[root@fbsd ~]# fortune
Happiness is just an illusion, filled with sadness and confusion.
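
Added example, not part of the original message or of FreeBSD itself: a small sh check that the rc.conf settings and the ipfw rules file quoted above agree with each other (forwarding, firewall and natd enabled, and the divert rule on the same interface natd listens on). The function names and the temporary sample files are assumptions made for this illustration; the sample content is the two files from the message.

```sh
#!/bin/sh
# Added example (not from the thread): consistency check between rc.conf and
# the ipfw rules file for the natd gateway setup described in the message.

# rc_value FILE KEY: print the last value assigned to KEY, quotes removed.
rc_value() {
    awk -F= -v k="$2" -v q="'" '$1 == k {
        v = $2; gsub(/"/, "", v); gsub(q, "", v); sub(/[ \t]*#.*/, "", v); r = v
    } END { print r }' "$1"
}

# divert_ifaces FILE: print the interface of every "divert natd ... via IF" rule.
divert_ifaces() {
    awk '$1 == "add" {
        d = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "divert" && $(i + 1) == "natd") d = 1
            if (d && $i == "via") print $(i + 1)
        }
    }' "$1"
}

# check_nat_config RCCONF RULES: print each problem; return the problem count.
check_nat_config() {
    problems=0
    for key in firewall_enable gateway_enable natd_enable; do
        # rc.subr's checkyesno accepts yes/true/on/1 in any letter case.
        case "$(rc_value "$1" "$key" | tr '[:upper:]' '[:lower:]')" in
            yes|true|on|1) ;;
            *) echo "rc.conf: $key is not enabled"; problems=$((problems + 1)) ;;
        esac
    done
    nif=$(rc_value "$1" natd_interface)
    [ -n "$nif" ] || { echo "rc.conf: natd_interface is not set"; problems=$((problems + 1)); }
    difs=$(divert_ifaces "$2")
    [ -n "$difs" ] || { echo "rules: no 'divert natd' rule"; problems=$((problems + 1)); }
    for d in $difs; do
        [ "$d" = "$nif" ] || { echo "rules: divert on $d, natd on ${nif:-<unset>}"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample input: the two files quoted in the message.
tmp=$(mktemp -d)
printf '%s\n' 'firewall_enable="yes"' 'firewall_type="/etc/ipfw.rules"' \
    'gateway_enable="yes"' 'ifconfig_xl0="dhcp"' 'ifconfig_rl0="192.168.100.253/24"' \
    'natd_enable="yes"' 'natd_interface="xl0"' > "$tmp/rc.conf"
printf '%s\n' 'add divert natd ip from any to any via xl0' \
    'add allow ip from any to any' > "$tmp/ipfw.rules"
check_nat_config "$tmp/rc.conf" "$tmp/ipfw.rules" && echo "NAT config consistent"
```

On a real gateway the same function can be pointed at /etc/rc.conf and /etc/ipfw.rules before rebooting into the permanent configuration.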