From owner-freebsd-questions  Sat Mar 10  7: 3:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hotmail.com (f49.law11.hotmail.com [64.4.17.49])
	by hub.freebsd.org (Postfix) with ESMTP id C4F8837B718
	for <questions@freebsd.org>; Sat, 10 Mar 2001 07:03:09 -0800 (PST)
	(envelope-from burnscharlesn@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sat, 10 Mar 2001 07:03:08 -0800
Received: from 24.21.122.151 by lw11fd.law11.hotmail.msn.com with HTTP;	Sat, 10 Mar 2001 15:03:08 GMT
X-Originating-IP: [24.21.122.151]
From: "Charles Burns" <burnscharlesn@hotmail.com>
To: questions@freebsd.org
Subject: Re: NAT without a firewall.
Date: Sat, 10 Mar 2001 08:03:08 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F49cndAx7FqxzX9eZ5400005642@hotmail.com>
X-OriginalArrivalTime: 10 Mar 2001 15:03:08.0944 (UTC) FILETIME=[37D56900:01C0A973]
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>Can i run natd without  firewall ?  I see all these instructions for
>running a firewall and natd together.  What options do i need in the
>kernel and rc.conf just to run natd?
>
>regards,
>
>
>G. Jason Middleton

It is generally a good idea to run a firewall, but if you are certain that 
you do not want one, you can just run an "open" firewall and divert 
everything through NATD.
Follow the aforementioned instructions for adding firewall and IPDIVERT 
support into your kernel, then:

~Create a file somewhere in /etc and name it whatever you want. I'll use 
"rc.divert" for this example.
~Put the following 3 lines in it:

#!/bin/sh
/sbin/ipfw add 1 divert natd all from any to any
/sbin/ipfw add 2 pass all from any to any

~Change the line "firewall_script=" in /etc/rc.conf (or add it if it doesn't 
exist)
Make it read:

firewall_script="/etc/rc.divert"

(or use whatever filename you chose)

Also make sure that the line "gateway_enable="YES" appears in /etc/rc.conf


Charles Burns
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message