Message-ID: <52558CB7.7080709@bananmonarki.se>
Date: Wed, 09 Oct 2013 19:04:55 +0200
From: Bernt Hansson
To: Chris Stankevitz
Cc: freebsd-questions@freebsd.org
Subject: Re: NAT: Handbook vs mailing list

On 2013-10-08 06:21, Chris Stankevitz wrote:
> http://www.freebsd.org/doc/handbook/network-natd.html
>
> http://lists.freebsd.org/pipermail/freebsd-questions/2011-April/229017.html
>
> Hello,
>
> Handbook section 31.9.3 suggests I should, among other things, add the
> line ipdivert_load="YES" to /boot/loader.conf when setting up NAT.
>
> The mailing list message linked above suggests that the handbook
> information is the "old way" and that the correct way is to set
> ipfw_enable and natd_enable in rc.conf. "Then /etc/rc.d/ipfw will
> load ipfw.ko, and if natd_enable is set, will invoke /etc/rc.d/natd,
> which loads ipdivert.ko at the right time."
>
> My inclination is to follow the handbook, but I thought I should first
> check to ensure the handbook is up-to-date.
>
> Thank you,
>

This is my rc.conf with ipf (ipfilter) firewall.

# Bring up the ipfilter software
ipfilter_enable="YES"
ipmon_enable="YES"    # Start IP monitor log
ipmon_flags="-D -f /var/log/ipf.log"

## Tell ipfilter where to get its rules
ipfilter_rules="/etc/ipf.rules"

#Enable ipnat
ipnat_enable="YES"

#Tell ipnat where to get its rules
ipnat_rules="/etc/ipnat.rules"
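
Added example, not part of the original message or of FreeBSD itself: a small sh helper that reads an rc.conf and a loader.conf and reports which of the NAT setups discussed in this thread the files select (ipfw with natd, ipfilter with ipnat, and whether ipdivert_load is still set in loader.conf). The function names rc_value, is_yes and nat_mode are hypothetical, and the parsing is simplified to plain KEY="value" lines.

```shell
#!/bin/sh
# Added example: report which NAT setup a host's config files select.
# Knob names are the ones quoted in this thread; function names are hypothetical.

# rc_value FILE KEY -> last uncommented KEY=value assignment (empty if unset)
rc_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# is_yes VALUE -> true for the spellings rc.subr's checkyesno treats as enabled
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# nat_mode RC_CONF LOADER_CONF -> space-separated findings, or "none"
nat_mode() {
    rc=$1; loader=$2; out=""
    # The rc.conf route from the quoted list message: both knobs set.
    if is_yes "$(rc_value "$rc" ipfw_enable)" &&
       is_yes "$(rc_value "$rc" natd_enable)"; then
        out="$out ipfw+natd"
    fi
    # The ipfilter route from the reply's rc.conf.
    if is_yes "$(rc_value "$rc" ipfilter_enable)" &&
       is_yes "$(rc_value "$rc" ipnat_enable)"; then
        out="$out ipfilter+ipnat"
    fi
    # The handbook's loader.conf line; reported so it can be reviewed.
    if is_yes "$(rc_value "$loader" ipdivert_load)"; then
        out="$out ipdivert_load(loader.conf)"
    fi
    [ -n "$out" ] || out=" none"
    echo "${out# }"
}

# Default to the live files; prints "none" where they do not exist.
nat_mode "${1:-/etc/rc.conf}" "${2:-/boot/loader.conf}"
```

Seeing both "ipfw+natd" and "ipfilter+ipnat" in the output means two packet filters are configured to translate addresses at once, which is worth resolving before trusting either rule set.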