From: John Murphy
To: questions@FreeBSD.ORG
Date: Sun, 14 Nov 2004 13:42:19 +0000
Subject: Re: Natd/Gateway=yes vs 5.3
Reply-To: sub01@freeode.co.uk

Francisco Reyes wrote:

>Migrating a 4.10 box.
>Copied data to a second drive.
>Installed 5.3
>Changed kernel to add
>
>options IPFIREWALL
>options IPFIREWALL_VERBOSE
>options "IPFIREWALL_VERBOSE_LIMIT"=50
>options IPDIVERT
>
>In /etc/rc.conf have
>firewall_enable="YES"
>firewall_logging="YES" # Set to YES to enable events logging
>firewall_quiet="NO"
>firewall_type="open"
>gateway_enable="YES"
>natd_enable="YES" # Enable natd (if firewall_enable == YES).
>natd_flags="-f /etc/natd.conf" # Set rules file for the NAT daemon
>natd_interface="ed0"

I've been reading the (excellent) firewall section of the handbook at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

Section 14.9.6.3 /etc/rc.conf Options says:

  If you don't have IPFW compiled into your kernel you will need to
  load it with the following statement in your /etc/rc.conf:

  firewall_enable="YES"

Perhaps you have two ipfws, the kld and the one in the kernel.

Section 14.9.6.5.7 An Example NAT and Stateful Ruleset says:

  The kernel source needs 'option divert' statement added to the
  other IPFIREWALL statements compiled into a custom kernel.

So I guess that supersedes your "options IPDIVERT" entry.

-- 
HTH, John.