From owner-freebsd-questions  Sat Nov 14 18:52:17 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA12278
          for freebsd-questions-outgoing; Sat, 14 Nov 1998 18:52:17 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from thelab.hub.org (nat0069.mpoweredpc.net [142.177.188.69])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA12270
          for <questions@FreeBSD.ORG>; Sat, 14 Nov 1998 18:52:15 -0800 (PST)
          (envelope-from scrappy@hub.org)
Received: from localhost (scrappy@localhost)
	by thelab.hub.org (8.9.1/8.9.1) with ESMTP id WAA00788;
	Sat, 14 Nov 1998 22:51:43 -0400 (AST)
	(envelope-from scrappy@hub.org)
X-Authentication-Warning: thelab.hub.org: scrappy owned process doing -bs
Date: Sat, 14 Nov 1998 22:51:43 -0400 (AST)
From: The Hermit Hacker <scrappy@hub.org>
To: chuck@ucsd.edu
cc: jm7996@devrycols.edu, questions@FreeBSD.ORG
Subject: Re: Firewall + IPNAT
In-Reply-To: <Pine.SUN.4.02A.9811141834390.26966-100000@sdcc10.ucsd.edu>
Message-ID: <Pine.BSF.4.05.9811142250540.333-100000@thelab.hub.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 14 Nov 1998, Chuck Rouillard wrote:

> 
> 
> [chop]
> > For performance reasons, I wiped OpenBSD and installed FreeBSD 3.0.  Now,
> > I'm looking for the tools to run the translation and firewalling again.
> > I've managed to find /sbin/ipf and /sbin/ipnat, however, I can't find the
> > necessarry kernel options in the LINT kernel.
> > 
> > I'd like to stick with ipf & ipnat because I'm familiar with their
> > operation.  Can someone help me out here?
> 
> 
> options         IPFIREWALL              #enables the IP firewall
> options         IPFIREWALL_VERBOSE      #enables logging to /var/log
> 
> options         IPDIVERT                #enable NAT operations
> 
> The IPFIREWALL_VERBOSE option isn't mandatory, but nice.  If you use
> it, look in the LINT file for further comments on related options.
> 
> For versions such as 2.2.5(and 2.2.6?), don't forget to add
> 
> natd            6668/divert     #NAT socket
> 
> to /etc/services.

Just a very very quick addition here, that just hit me...don't forget to
enable 'gateway_enable' in /etc/rc.conf :(  I've been cursing over this
for a few weeks now, not so important that I've bothered to ask, but just
clued into it tonight *sigh*

Marc G. Fournier                                
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message