From: "David Stanford"
To: "Dennis Olvany"
Cc: regi@via-rs.net, questions@freebsd.org
Date: Wed, 14 Jun 2006 00:29:14 -0400
Subject: Re: FreeBSD firewall, nat, kernel

On 6/14/06, Dennis Olvany wrote:
> From a fresh install, a working nat should only require a few commands.
> Kernel compilation is not necessary.

I personally don't use the NAT function in my IPFW config, and thus just
reverted to the handbook... *cough*, excuse me... bible for the information.
Though, if this is the case you should probably submit a PR to the docs team
to avoid future confusion. :)

> kldload ipfw
> kldload ipdivert
> sysctl net.inet.ip.forwarding=1
> dhclient xl0
> natd -dynamic -n xl0
> ipfw add divert natd ip from any to any via xl0
> ipfw add allow ip from any to any
> ifconfig rl0 192.168.100.253/24
>
> To make the config permanent, you just need to use the rc equivalents of
> those commands.
>
> /etc/rc.conf
>
> firewall_enable="yes"
> firewall_type="/etc/ipfw.rules"
> gateway_enable="yes"
> ifconfig_xl0="dhcp"
> ifconfig_rl0="192.168.100.253/24"
> natd_enable="yes"
> natd_interface="xl0"
>
> /etc/ipfw.rules
>
> add divert natd ip from any to any via xl0
> add allow ip from any to any

-David

--
[root@fbsd ~]# fortune
Happiness is just an illusion, filled with sadness and confusion.
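
The rc.conf and ipfw.rules pair quoted in the message above only works when both files agree on the outside interface, so a consistency check is useful before rebooting a gateway. The script below is an added example, not part of the original thread: the function names `rc_value` and `audit_nat` are hypothetical, and the sample files are constructed from the quoted configuration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# rc_value FILE KEY: print the value assigned to KEY (last assignment wins).
rc_value() {
    awk -F= -v k="$2" '$1 == k { v = $2; gsub(/"/, "", v); val = v }
                       END { print val }' "$1"
}

# audit_nat RC_CONF RULES: print one finding per line, nothing if consistent.
audit_nat() {
    rc=$1 rules=$2
    for key in firewall_enable gateway_enable natd_enable; do
        # rc.subr treats yes/true/on/1 (any case) as enabled.
        case "$(rc_value "$rc" "$key" | tr 'A-Z' 'a-z')" in
            yes|true|on|1) ;;
            *) echo "MISSING: $key is not enabled" ;;
        esac
    done
    ifc=$(rc_value "$rc" natd_interface)
    [ -n "$ifc" ] || echo "MISSING: natd_interface is not set"
    # The divert rule has to name the interface natd is bound to.
    grep -Eq "^add( [0-9]+)? divert natd .* via $ifc\$" "$rules" ||
        echo "MISMATCH: no 'divert natd ... via $ifc' rule"
    # An unconditional allow means the box translates but does not filter.
    if grep -Eq '^add( [0-9]+)? allow (ip|all) from any to any$' "$rules"; then
        echo "OPEN: ruleset contains an unconditional allow"
    fi
}

# Constructed sample input: the two files as quoted in the message.
tmp=$(mktemp -d)
cat > "$tmp/rc.conf" <<'EOF'
firewall_enable="yes"
firewall_type="/etc/ipfw.rules"
gateway_enable="yes"
ifconfig_xl0="dhcp"
ifconfig_rl0="192.168.100.253/24"
natd_enable="yes"
natd_interface="xl0"
EOF
cat > "$tmp/ipfw.rules" <<'EOF'
add divert natd ip from any to any via xl0
add allow ip from any to any
EOF
audit_nat "$tmp/rc.conf" "$tmp/ipfw.rules"
```

On a real gateway, pass /etc/rc.conf and the file named by firewall_type instead of the temporary copies.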