Date: Wed, 09 Oct 2013 19:04:55 +0200 From: Bernt Hansson <bah@bananmonarki.se> To: Chris Stankevitz <chrisstankevitz@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: NAT: Handbook vs mailing list Message-ID: <52558CB7.7080709@bananmonarki.se> In-Reply-To: <CAPi0psumAP7x902F120iSe3GVmH0uHAMn3HrfQxgpERXLuw8jA@mail.gmail.com> References: <CAPi0psumAP7x902F120iSe3GVmH0uHAMn3HrfQxgpERXLuw8jA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2013-10-08 06:21, Chris Stankevitz wrote: > http://www.freebsd.org/doc/handbook/network-natd.html > > http://lists.freebsd.org/pipermail/freebsd-questions/2011-April/229017.html > > Hello, > > Handbook section 31.9.3 suggests I should, among other things, add the > line ipdivert_load="YES" to /boot/loader.conf when setting up NAT. > > The mailing list message linked above suggests that the handbook > information is the "old way" and that the correct way is to set > ipfw_enable and natd_enable in rc.conf. "Then /etc/rc.d/ipfw will > load ipfw.ko, and if natd_enable is set, will invoke /etc/rc.d/natd, > which loads ipdivert.ko at the right time." > > My inclination is to follow the handbook, but I thought I should first > check to ensure the handbook is up-to-date. > > Thank you, > This is my rc.conf with ipf (ipfilter) firewall. # Bring up the ipfilter software ipfilter_enable="YES" ipmon_enable="YES" # Start IP monitor log ipmon_flags="-D -f /var/log/ipf.log" ## Tell ipfilter where to get its rules ipfilter_rules="/etc/ipf.rules" #Enable ipnat ipnat_enable="YES" #Tell ipnat where to get its rules ipnat_rules="/etc/ipnat.rules"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52558CB7.7080709>