From owner-freebsd-hackers Mon Jan 13 14:48:48 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA12061 for hackers-outgoing; Mon, 13 Jan 1997 14:48:48 -0800 (PST) Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA12046 for ; Mon, 13 Jan 1997 14:48:38 -0800 (PST) Message-Id: <199701132248.OAA12046@freefall.freebsd.org> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA085405705; Tue, 14 Jan 1997 09:48:25 +1100 From: Darren Reed Subject: Re: IPFILTER To: tinguely@plains.nodak.edu (Mark Tinguely) Date: Tue, 14 Jan 1997 09:48:25 +1100 (EDT) Cc: hackers@FreeBSD.org In-Reply-To: <199701132218.QAA13145@plains.nodak.edu> from "Mark Tinguely" at Jan 13, 97 04:18:34 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk In some mail from Mark Tinguely, sie said: > > > > Also, to get a successful remapping for IP application, be sure that you > > > turned on the IP forwarding on the NAT host (ie: > > > > > > sysctl -w net.inet.ip.forwarding=1 > > > > > > ). > > > > even better, for things like ftp which have address data in the TCP stream, > > use a proxy. > > net.inet.ip.forwarding tells FreeBSD it is a IP router and that it should > forward packets from one interface to another. NAT translates the IP packet > but FreeBSD will eat the translate packet unless told to forward it. You, generally, need ip.forwarding set anyway in this kind of setup where FreeBSD is routing (forwarding) the packet onward to a final destination, irrespective of NAT being present. Darren