From owner-freebsd-questions@FreeBSD.ORG Tue Sep 30 14:48:27 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BDDAE1065689 for ; Tue, 30 Sep 2008 14:48:27 +0000 (UTC) (envelope-from nino80@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.239]) by mx1.freebsd.org (Postfix) with ESMTP id 5EF538FC38 for ; Tue, 30 Sep 2008 14:48:27 +0000 (UTC) (envelope-from nino80@gmail.com) Received: by wr-out-0506.google.com with SMTP id c8so7553wra.27 for ; Tue, 30 Sep 2008 07:48:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=knyLCfg7Rarcvy48xuZ7ZDpvq8iTubdVX7DJ4Pl+6/U=; b=YTwhS6m4kkapWsp8b6fFrGOKoDjBJ0FBVejg2jxKz3VIANWKZ1MBft7CzLXCD3I6rc huJuBfPFJeyW2bfcAoQXAbwReoieUfzlq3KXjUVKGUt4zO+uHd480BjnBjoBZ/mcKwCb 3zm3gc0qyGYDKgo1eErNaj1F/cFJ2eGxCNlOU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=dShTxN2fUtmBqz50LMRCL8VjBNMDntTr3ukkd4RSFVF0b7B4dDNzB5/S1WQR3BGjt9 G1sOyZGL2DTyujGIJRyLWRshiJon4ORr/OY2Uo1k2wOj9jhzuyPsaFlLQ0f2OGc3b6BW V8wAN4ZzkM5DCuiwQbvd080ECMUEfzbNLgGNs= Received: by 10.150.57.5 with SMTP id f5mr10131814yba.60.1222786106521; Tue, 30 Sep 2008 07:48:26 -0700 (PDT) Received: by 10.150.149.12 with HTTP; Tue, 30 Sep 2008 07:48:26 -0700 (PDT) Message-ID: <92bcbda50809300748s427f88f9ubefb40a942bb0ab0@mail.gmail.com> Date: Tue, 30 Sep 2008 16:48:26 +0200 From: "n j" To: "FreeBSD Questions" In-Reply-To: <48DA7B8A.2050606@chdevelopment.se> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <92bcbda50809230858j2dc39695x3135291bb2a3ddc7@mail.gmail.com> <48DA7B8A.2050606@chdevelopment.se> Subject: Re: Recompile kernel or module for ipfw+nat? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Sep 2008 14:48:27 -0000 >> however, there is a kernel module called ipdivert.ko >> Is it still necessary to recompile the kernel in order to use nat with >> ipfw? Or, to put it another way, is there a possibility to use nat and >> keep the generic kernel? > You can choose to use the modules or make it static by recompile the kernel. > IMHO the ipnat(8) is a more simple way to get nat. Thank you for your input. I'd prefer to use the module, however it doesn't seem to work: # ipfw add nat 123 all from any to any <-- example from the man page gives: ipfw: getsockopt(IP_FW_ADD): Invalid argument even though: # kldstat Id Refs Address Size Name ... 6 2 0xc4400000 d000 ipfw.ko 7 1 0xc9b33000 4000 ipdivert.ko So, the original question remains - do I really need to recompile the kernel in order to use NAT with IPFW? As far as ipnat(8) goes, switching to ipfilter (which is mandatory if I intend to use ipnat?) is not really an option. Thanks, -- Nino