From owner-freebsd-questions Sun Mar 5 21:10:12 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail3.mia.bellsouth.net (mail3.mia.bellsouth.net [205.152.16.15])
    by hub.freebsd.org (Postfix) with ESMTP id B297D37BC30
    for ; Sun, 5 Mar 2000 21:10:09 -0800 (PST)
    (envelope-from phastnet@bellsouth.net)
Received: from mach2.mia.bellsouth.net (adsl-61-8-25.mia.bellsouth.net [208.61.8.25])
    by mail3.mia.bellsouth.net (3.3.5alt/0.75.2) with SMTP id AAA05960;
    Mon, 6 Mar 2000 00:03:43 -0500 (EST)
Message-ID: <007d01bf8729$685568e0$02ac14ac@mia.bellsouth.net>
From: "Phastnet"
To:
Cc:
References: <200003052128.KAA79660@ducky.nz.freebsd.org>
Subject: Re: switch from natd to ipnat
Date: Mon, 6 Mar 2000 00:04:06 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Good point. I've added this to http://www.freebsddiary.org/ipnat.html:
>
> The following instructions apply only if you are only ipnat and *not*
> adding IP Filter. The IP Filter installation process will do the following
> steps for you.

sounds good :)

> > the line I added for ipnat was also still there, so I just deleted it since
> > it was now a duplicate. I rebuilt the kernel, rebooted, and everything
> > worked sweet after I ran "ipnat -f /etc/ipnat.conf". I didn't run "ipf -f
> > /etc/ipf.conf", because everything started working without it. Should I be
> > running that too? I haven't set up my rules yet, maybe this is why I don't
> > notice anything wrong yet?
>
> perhaps your system already has a startup for ipnat in /usr/local/etc/rc.d

actually, my /usr/local/etc/rc.d directory is empty? is this normal?

> > anyways, I converted from using ipfw/natd to this setup, which is what
> > other people probably do too their first time, so I wanted to know what I
> > could remove so that ipfw/natd isn't activated anymore. Here's what I did:
> >
> > removed the natd options from rc.conf
> >
> > this stopped natd from working, but in the dmesg, I still saw a lot of stuff
> > from ipfw. So, I looked up in "The Complete FreeBSD" what I did to enable
> > natd to begin with. I removed these 2 options from MYKERNEL and rebuilt it:
> > options IPFIREWALL options IPDIVERT
>
> Above is mentioned at http://www.freebsddiary.org/ipfilter.html under
> "removing natd/ipfw". I've added a cross reference to this from the
> article you were reading (http://www.freebsddiary.org/ipfilter334.html).

Ahh!! I completely missed that page! your new link should prevent that from
happening again. Maybe you should try to include a section on each page that
has links to all the other related pages on your site (like any ipfilter page
should have links on it to the other ipfilter pages). Just a suggestion :-)
probably would take a lot of time to do it.

I noticed you say to change the firewall_enable="YES" to NO also on your page,
which I didn't do. I guess I should do that now. Does this mean that I don't
need my /etc/rc.firewall file anymore too??

> > I was afraid ipf/ipnat might need these, but it all appears to still work
> > fine! and the dmesg output looks better now.
> >
> > Did I do it all right? Is there anything else I can remove from the old
> > ipfw/natd setup? Thanks again for your help!!
>
> It sounds right to me. If all is working well, and you're having no
> problems, It Must Be Right (TM).

it is working quite well now, but one ftp site I connected to using active FTP
didn't work? all the others seem to be fine.. I switched my ftp client back to
PASV mode for that site, and it worked fine. Does this sound normal, or maybe
I set up something wrong?

> Thanks for the suggestions.

no problem!
thanks for a great site!

> Dan Langille - DVL Software Limited [I'm looking for more work]
> http://www.dvl-software.com/ | http://www.unixathome.org/
> http://www.racingsystem.com/ | http://www.freebsddiary.org/