From: Wayne Pascoe
To: freebsd-questions@freebsd.org
Date: Mon, 15 Sep 2003 20:55:01 +0100
Subject: NAT without recompiling my kernel ?
Message-ID: <20030915195501.GA10770@marvin.penguinpowered.org>
X-System: FreeBSD i386 with kernel 4.9-PRERELEASE

Hi all,

I've got ipfw working and logging without recompiling my kernel. I've now hit my next problem... Is it possible to use NAT without recompiling? I've kldloaded the dummynet module, and included that in /boot/loader.conf, but when I reboot, I get the following in my dmesg:

    IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled

Is there any way to set divert enabled without recompiling my kernel with IPDIVERT included?

For the record, the relevant section of my rc.conf is as follows:

    firewall_enable="YES"
    firewall_type="open"
    firewall_quiet="NO"
    natd_enable="YES"

When I try and add natd by doing

    ipfw add 50 divert natd all from any to any via xl0

I get

    ipfw: getsockopt(IP_FW_ADD): Invalid argument

and in /var/log/messages I get

    Sep 15 20:54:27 marvin /kernel: ip_fw_ctl: invalid command

xl0 is my private network IP by the way

Regards,

--
Wayne Pascoe
I laugh in the face of danger... Then I run and hide until it goes away!