Date: Mon, 15 Nov 1999 12:30:34 +0800 (WST)
From: Michael Kennett <mike@laurasia.com.au>
To: outlawtx@bga.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd
Message-ID: <199911150430.MAA24383@laurasia.com.au>
In-Reply-To: <3.0.6.32.19991114220622.0175d420@bga.com> from "outlawtx@bga.com" at "Nov 14, 99 10:06:22 pm"

> In order to do network address translation with FreeBSD 3.3, do I have to
> compile the kernel using the following option:
>
> options IPFIREWALL
> options IPDIVERT
>
>
> Don James
>

The ipfirewall (4) manpage mentions the following kernel options:

    IPFIREWALL
    IPFIREWALL_VERBOSE
    IPFIREWALL_VERBOSE_LIMIT
    [IP]DIVERT
    ^^^^ (The IP is dropped (small typo) -- should raise a problem report on it).

so, yes, you need the options that you mentioned. Note that unless the
kernel is compiled with the option IPFIREWALL_DEFAULT_TO_ACCEPT the firewall
will deny all packets by default -- this could lock you out of the box for a
while.

There are a few other configuration options for the kernel firewall support
in the /sys/i386/conf/LINT file (e.g. IPFIREWALL_FORWARD).

The natd (8) manpage also mentions these configuration options, along with
details on how to set up the translation mechanism.

If you want to use your gateway as a firewall as well, you'll have to make
a few changes to the /etc/rc.conf file to activate it:

    firewall_enable="YES"
    firewall_type="open"    # Allow all packets thru'   <----- check this

The /etc/rc.firewall script establishes the rules in the kernel. You'll want
to have a look at this.

The FreeBSD handbook (http://www.freebsd.org/handbook) has a good section
on setting up firewalls. You should read that as well.

Regards,

Mike Kennett
(mike@laurasia.com.au)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
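
The lockout case described in the message above, as an added example that is not part of the original e-mail or of FreeBSD: a pre-reboot check of a kernel config file and an rc.conf-style file. The function names, verdict words and sample files are constructed for illustration, and treating any non-empty firewall_type as "rules will be loaded" is an assumption.

```sh
#!/bin/sh
# Added example (hypothetical helper names): check before rebooting into a
# kernel built with IPFIREWALL that natd can work and the box stays reachable.

# has_option FILE NAME: true if FILE has an uncommented "options NAME" line.
has_option() {
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)"
}

# rc_value FILE VAR: print the last value assigned to VAR in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# natd_preflight KERNCONF RCCONF: print one verdict word; return 0 only for "ok".
natd_preflight() {
    # natd needs both the firewall and the divert socket support.
    for opt in IPFIREWALL IPDIVERT; do
        has_option "$1" "$opt" || { echo "missing-$opt"; return 1; }
    done
    # A default-to-accept kernel passes traffic even with no rules loaded.
    has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT && { echo ok; return 0; }
    # Default-deny kernel: rc.firewall must load rules at boot.
    # Assumption: any non-empty firewall_type counts as rules being loaded.
    if [ "$(rc_value "$2" firewall_enable)" = "YES" ] &&
       [ -n "$(rc_value "$2" firewall_type)" ]; then
        echo ok; return 0
    fi
    echo lockout-risk; return 1
}

# Constructed sample input: a default-deny kernel config and two rc.conf variants.
tmp=$(mktemp -d)
printf 'options IPFIREWALL\noptions IPDIVERT\n#options IPFIREWALL_DEFAULT_TO_ACCEPT\n' > "$tmp/KERNEL"
: > "$tmp/rc.conf.empty"
printf 'firewall_enable="YES"\nfirewall_type="open"  # allow all\n' > "$tmp/rc.conf.open"
echo "no firewall lines in rc.conf: $(natd_preflight "$tmp/KERNEL" "$tmp/rc.conf.empty")"
echo "firewall_type=open set:       $(natd_preflight "$tmp/KERNEL" "$tmp/rc.conf.open")"
rm -rf "$tmp"
```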