From: "JJB"
Reply-To: Barbish3@adelphia.net
To: "Micheal Patterson", "Christian Hiris" <4711@chello.at>
Cc: Anthony Philipp
Date: Sat, 15 May 2004 12:56:35 -0400
Subject: RE: natd -redirect_port

You are wrong also. The boot time message that displays about the ipfw module being loaded is incorrect. I filed a PR on that in 5.1 and was told by developers that message is misleading, that the module is fully enabled with nat and logging, so I tested and indeed nat and logging are really in the loadable module. It's my understanding the boot time message that displays about the ipfw module being loaded that says everything is disabled will be corrected in 5.3.
What is in the 5.2.1 ipfw module I do not know. My advice is to test ipfw module before adding ipfw option statements to kernel. That's why the 5.x versions are development versions, things change all the time until they get corrected before becoming stable releases. This is all new because ipfw2 replaced ipfw at the 5.1 version I believe.

Just think about it, why have a loadable module if all the options are turned off? It makes the module useless. Ipfilter's loadable module is full function with nat and logging, why should the ipfw module be any different? It's just that stupid message that has been misleading users all this time just like it did to me.

If nat and logging are missing from the ipfw loadable module in 5.2.1 then submit another PR to remind them it needs to be corrected. Nat and logging are the most used options of ipfw, it's just plain stupid not to have them included in the standard module.

-----Original Message-----
From: Micheal Patterson [mailto:micheal@tsgincorporated.com]
Sent: Saturday, May 15, 2004 11:38 AM
To: Barbish3@adelphia.net; Christian Hiris; freebsd-questions@freebsd.org
Cc: Anthony Philipp
Subject: Re: natd -redirect_port

----- Original Message -----
From: "JJB"
To: "Christian Hiris" <4711@chello.at>;
Cc: "Anthony Philipp"
Sent: Saturday, May 15, 2004 8:05 AM
Subject: RE: natd -redirect_port

> You are wrong, you do not have to compile ipfirewall kernel options
> into the kernel.
> IPFW is delivered as a bootable module.
> You need this in rc.conf to enable ipfw, it will auto load the
> bootable module.
>
> # Required For IPFW kernel firewall support
> firewall_enable="YES"                   # Start daemon
> firewall_script="/etc/ipfw.rules"       # run my custom rules
> firewall_logging="YES"                  # Enable events logging
>
> natd_enable="YES"                       # Enable IPFW nat function
> natd_interface="rl0"
> natd_flags="-dynamic -m -u -f /etc/natd.conf"
>

You're right, you don't have to recompile to use ipfw, however, since there is no divert module, the kernel will still need to be recompiled to enable divert. In order for the OP to do what they're wanting to do they will still need to recompile kernel and restart the system.

--
Micheal Patterson
TSG Network Administration
405-917-0600