From owner-freebsd-questions Sun Nov 14 20:30:56 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from laurasia.com.au (lauras.lnk.telstra.net [139.130.93.142])
	by hub.freebsd.org (Postfix) with ESMTP id 4109214C01
	for ; Sun, 14 Nov 1999 20:30:50 -0800 (PST)
	(envelope-from mike@laurasia.com.au)
Received: (from mike@localhost)
	by laurasia.com.au (8.9.1a/8.9.1) id MAA24383;
	Mon, 15 Nov 1999 12:30:35 +0800 (WST)
From: Michael Kennett
Message-Id: <199911150430.MAA24383@laurasia.com.au>
Subject: Re: natd
In-Reply-To: <3.0.6.32.19991114220622.0175d420@bga.com> from "outlawtx@bga.com" at "Nov 14, 99 10:06:22 pm"
To: outlawtx@bga.com
Date: Mon, 15 Nov 1999 12:30:34 +0800 (WST)
Cc: freebsd-questions@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> In order to do network address translation with FreeBSD 3.3, do I have to
> compile the kernel using the following option:
>
> options IPFIREWALL
> options IPDIVERT
>
>
> Don James
>

The ipfirewall(4) manpage mentions the following kernel options:

	IPFIREWALL
	IPFIREWALL_VERBOSE
	IPFIREWALL_VERBOSE_LIMIT
	[IP]DIVERT
	^^^^

(The IP is dropped (small typo) -- should raise a problem report on it).

So, yes, you need the options that you mentioned. Note that unless the
kernel is compiled with the option IPFIREWALL_DEFAULT_TO_ACCEPT the firewall
will deny all packets by default -- this could lock you out of the box for a
while.

There are a few other configuration options for the kernel firewall support
in the /sys/i386/conf/LINT file (e.g. IPFIREWALL_FORWARD).

The natd(8) manpage also mentions these configuration options, along with
details on how to set up the translation mechanism.

If you want to use your gateway as a firewall as well, you'll have to make
a few changes to the /etc/rc.conf file to activate it:

	firewall_enable="YES"
	firewall_type="open"	# Allow all packets thru'    <----- check this

The /etc/rc.firewall script establishes the rules in the kernel. You'll
want to have a look at this.

The FreeBSD handbook (http://www.freebsd.org/handbook) has a good section
on setting up firewalls. You should read that as well.

Regards,

Mike Kennett
(mike@laurasia.com.au)
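
The checks described in this message, as an added example that is not part of the original post: a shell function that reads a kernel config file and an rc.conf and reports a missing IPFIREWALL or IPDIVERT option, plus the default-deny case where no rules get loaded at boot. The file names, the sample contents and the helper names has_option, rc_value and check_natd_prereqs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message: check a kernel config and an
# rc.conf for the natd prerequisites and the default-deny lockout case.

# has_option FILE NAME: true if an uncommented "options NAME" line exists.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+\"?$2\"?([[:space:]=#]|\$)" "$1"
}

# rc_value FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_natd_prereqs KERNCONF RCCONF: print findings; return 1 on a blocker.
check_natd_prereqs() {
    kern=$1; rcfile=$2; bad=0
    for opt in IPFIREWALL IPDIVERT; do
        has_option "$kern" "$opt" || { echo "MISSING: options $opt"; bad=1; }
    done
    if has_option "$kern" IPFIREWALL &&
       ! has_option "$kern" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        # The kernel denies every packet until rc.firewall loads rules.
        if [ "$(rc_value "$rcfile" firewall_enable)" != "YES" ]; then
            echo "LOCKOUT-RISK: default deny and firewall_enable is not YES"
            bad=1
        elif [ "$(rc_value "$rcfile" firewall_type)" = "open" ]; then
            echo "REVIEW: firewall_type=open passes all packets"
        fi
    fi
    return $bad
}

# Constructed sample input (hypothetical kernel config named MYKERNEL).
demo_dir=$(mktemp -d)
cat > "$demo_dir/MYKERNEL" <<'EOF'
options         IPFIREWALL              # firewall
options         IPFIREWALL_VERBOSE      # log matched packets
#options        IPDIVERT                # still commented out
EOF
cat > "$demo_dir/rc.conf" <<'EOF'
firewall_enable="NO"
firewall_type="open"    # Allow all packets thru'
EOF
check_natd_prereqs "$demo_dir/MYKERNEL" "$demo_dir/rc.conf" || true
rm -rf "$demo_dir"
```

Run it against the real kernel config and /etc/rc.conf before rebooting into the new kernel; a non-zero return means NAT will not work or the box will come up denying all traffic.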