Date: Sun, 01 Jul 2001 13:39:58 +0100
From: John Murphy <jfm@blueyonder.co.uk>
To: Isaac Mushinsky <imush@mail.ru>
Cc: tspivey8@home.com, questions@FreeBSD.ORG
Subject: Re: how to setup natd under ipf?
Message-ID: <rg5ujt0p99a22gjuojo0r3qtnd27motkrn@4ax.com>
In-Reply-To: <01070100201800.73812@omsk.mushinsky.net>
References: <200106302050.f5UKoRa00311@home.com> <01070100201800.73812@omsk.mushinsky.net>

Isaac Mushinsky <imush@mail.ru> wrote:
>On Saturday 30 June 2001 16:50, you wrote:
>> please cc me since I am not on this list.
>> how do I get nat on ipf?
>> it says unknown keyword map.
>> map rl0 10.0.0.0/24 -> 0/32
>> it worked under ipfw.
>> and I have natd_enable and all that in rc.conf.
>>
>In your kernel config file you should have
>options IPFIREWALL
<snip>
Ummm. Great answer for how to use ipfirewall, however:
natd is only required for ipfw. It's ipnat for ipfilter.
IPFilter needs a separate file /etc/ipnat.rules for map and rdr rules.
You just need these two lines in the kernel configuration file:
options IPFILTER # ipfilter support
options IPFILTER_LOG # ipfilter logging
and these in /etc/rc.conf:
ipfilter_enable="YES" # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf -Fa -f"
# program and how to specify the rules file,
# see /etc/rc.network (pass1) for details
ipfilter_rules="/etc/ipf.rules"
# rules definition file for ipfilter, see
# /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags="" # should be *empty* when ipf is _not_ a module
# (i.e. compiled into the kernel) to
# avoid a warning about "already initialized"
ipnat_enable="YES" # Set to YES for ipnat; needs ipfilter, too!
ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
ipnat_flags="" # additional flags for ipnat
ipmon_enable="YES" # Set to YES for ipmon; needs ipfilter, too!
ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
ipmon_flags="-D /var/log/ipflog" # typically "-Ds" or "-D /var/log/ipflog"
John.
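
An added example, not part of John's message or of FreeBSD: a small sh lint for the mix-ups this thread turns on (natd left enabled with ipfilter, ipnat or ipmon enabled without ipfilter, map/rdr lines sitting in the ipf rules file). The function names and the sample files are made up for the example; the rc.conf variable names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the original message. Lints copies of rc.conf and
# the ipf rules file for the mix-ups in this thread; it loads no rules.

# rc_yes FILE VAR: succeed if the last assignment of VAR in FILE is YES.
rc_yes() {
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# lint_ipf_setup RC_CONF IPF_RULES: print one finding per line,
# return 0 when clean and 1 when anything was reported.
lint_ipf_setup() {
    rc=$1; rules=$2; found=0
    if rc_yes "$rc" ipfilter_enable && rc_yes "$rc" natd_enable; then
        echo "natd_enable=YES alongside ipfilter: natd is for ipfw, use ipnat"
        found=1
    fi
    for knob in ipnat_enable ipmon_enable; do
        if rc_yes "$rc" "$knob" && ! rc_yes "$rc" ipfilter_enable; then
            echo "$knob=YES but ipfilter_enable is not YES"
            found=1
        fi
    done
    # Per the message, map and rdr rules go in the ipnat rules file,
    # not in the file handed to ipf.
    n=$(grep -c -E '^[[:space:]]*(map|rdr)[[:space:]]' "$rules" 2>/dev/null || true)
    if [ "${n:-0}" -gt 0 ]; then
        echo "$n map/rdr line(s) in $rules belong in the ipnat rules file"
        found=1
    fi
    return "$found"
}

# Constructed sample input resembling the setup described in the question.
demo_dir=$(mktemp -d)
printf '%s\n' 'natd_enable="YES"' 'ipfilter_enable="YES"' > "$demo_dir/rc.conf"
printf '%s\n' 'pass in all' 'map rl0 10.0.0.0/24 -> 0/32' > "$demo_dir/ipf.rules"
lint_ipf_setup "$demo_dir/rc.conf" "$demo_dir/ipf.rules" || echo "findings reported"
```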