Date: Fri, 9 Apr 2010 09:26:01 +0200
From: n j <nino80@gmail.com>
To: ipfw@freebsd.org
Subject: Re: Kernel Config for NAT
Message-ID: <r2p92bcbda51004090026ie006e201hff36387f43e38ec2@mail.gmail.com>
In-Reply-To: <y2m6201873e1004080857q79d0ab30r93d1e5e8bb30d2b8@mail.gmail.com>
References: <201004080252.o382qFH7019790@leka.aloha.com> <x2m6201873e1004072052u88a62b4eo7d1e9a457240937a@mail.gmail.com> <19389.23404.649946.265403@jerusalem.litteratus.org> <o2s6201873e1004072155ie746928cx5faac5d3f8e1d8ef@mail.gmail.com> <19389.51130.108457.400747@jerusalem.litteratus.org> <y2m6201873e1004080857q79d0ab30r93d1e5e8bb30d2b8@mail.gmail.com>

> That's actually a good question considering the lack of documentation.  If
> that works then great, but one wonders what the ipfw_nat modules is for?
> looks like it's tied into libalias apparently a replacement for natd.

Here's my kernel configuration:

[--snip--]
options IPFIREWALL # enable ipfw firewall
options IPDIVERT # for divert functionality - not really required
options IPFIREWALL_FORWARD # for ipfw forward functionality
options IPFIREWALL_NAT # for in-kernel nat
options LIBALIAS # req'd by ipfirewall_nat
[--snip--]

If I'm to trust the comment I wrote quite a while ago, IPDIVERT is not
necessary. Also, IPFIREWALL_FORWARD is not really needed for NAT; this is
specific to my setup. So, basically that leaves IPFIREWALL, IPFIREWALL_NAT
and LIBALIAS as the necessary tweaks in kernel conf for NAT to work.

Note, this configuration enables the in-kernel NAT, which is a (relatively)
recent addition to FreeBSD. You turn it on like this:

ipfw nat 123 config ip 192.168.0.123 log
ipfw add nat 123 all from any to any

In my experience, it works pretty well and I consider it a big improvement
over running natd and diverting packets to it.

Regards,
--
Nino
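
Added example (not part of the original message): a shell check that a FreeBSD kernel config file contains the three options the message names as necessary for in-kernel NAT. The function names and the sample config are constructed for illustration; comma-separated option lists and `nooptions` lines are handled as config(5) describes them.

```sh
#!/bin/sh
# Added example: list which of the kernel options named in the message are
# missing from a kernel config file. Only that file is read; "include"d
# files and loadable kernel modules are not examined.
REQUIRED_NAT_OPTS="IPFIREWALL IPFIREWALL_NAT LIBALIAS"

# missing_nat_opts FILE -> prints the missing option names, space separated
missing_nat_opts() {
    awk -v req="$REQUIRED_NAT_OPTS" '
        { sub(/#.*/, "") }                   # drop comments
        $1 == "options" || $1 == "nooptions" {
            for (i = 2; i <= NF; i++) {      # a line may list several options
                n = split($i, parts, ",")
                for (j = 1; j <= n; j++) {
                    name = parts[j]
                    sub(/=.*/, "", name)     # OPTION=value -> OPTION
                    if (name == "") continue
                    if ($1 == "options") on[name] = 1
                    else delete on[name]     # nooptions cancels an earlier line
                }
            }
        }
        END {
            n = split(req, r, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(r[i] in on)) out = out (out == "" ? "" : " ") r[i]
            print out
        }
    ' "$1"
}

# check_nat_kernconf FILE -> returns 0 if all three are present, 1 otherwise
check_nat_kernconf() {
    missing=$(missing_nat_opts "$1")
    if [ -n "$missing" ]; then
        echo "missing for in-kernel NAT: $missing"
        return 1
    fi
    echo "all in-kernel NAT options present"
}

# Constructed sample: the option block from the message with LIBALIAS left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options IPFIREWALL          # enable ipfw firewall
options IPDIVERT
options IPFIREWALL_NAT      # for in-kernel nat
EOF
check_nat_kernconf "$sample" || true
rm -f "$sample"
```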