From: John Murphy
To: Isaac Mushinsky
Cc: tspivey8@home.com, questions@FreeBSD.ORG
Subject: Re: how to setup natd under ipf?
Date: Sun, 01 Jul 2001 13:39:58 +0100
Reply-To: jfm@blueyonder.co.uk

Isaac Mushinsky wrote:

>On Saturday 30 June 2001 16:50, you wrote:
>> please cc me since I am not on this list.
>> how do I get nat on ipf?
>> it says unknown keyword map.
>> map rl0 10.0.0.0/24 -> 0/32
>> it worked under ipfw.
>> and I have natd_enable and all that in rc.conf.
>>
>In your kernel config file you should have
>options IPFIREWALL

Ummm.  Great answer for how to use ipfirewall, however:
natd is only required for ipfw.  It's ipnat for ipfilter.
IPFilter needs a separate file /etc/ipnat.rules for map and rdr rules.

You just need these two lines in the kernel configuration file:

options IPFILTER                # ipfilter support
options IPFILTER_LOG            # ipfilter logging

and these in /etc/rc.conf:

ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf -Fa -f" # program and how to specify the rules file,
                                # see /etc/rc.network (pass1) for details
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
                                # /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags=""               # should be *empty* when ipf is _not_ a module
                                # (i.e. compiled into the kernel) to
                                # avoid a warning about "already initialized"
ipnat_enable="YES"              # Set to YES for ipnat; needs ipfilter, too!
ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
ipnat_flags=""                  # additional flags for ipnat
ipmon_enable="YES"              # Set to YES for ipmon; needs ipfilter, too!
ipmon_program="/sbin/ipmon"     # where the ipfilter monitor program lives
ipmon_flags="-D /var/log/ipflog" # typically "-Ds" or "-D /var/log/ipflog"

John.
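
What the /etc/ipnat.rules file named above could look like, built around the map rule from the question. This is an added example, not part of the original message: rl0 and 10.0.0.0/24 come from the question, while the port range and the internal host 10.0.0.5 are constructed values.

```conf
# /etc/ipnat.rules (added example; 10.0.0.5 and 40000:60000 are constructed)
#
# ipnat applies the first rule that matches, so the more specific
# rules go above the plain map rule.
# "0/32" means: translate to whatever address rl0 currently has.

# FTP carries addresses inside the control connection, so it goes
# through the built-in ftp proxy. This must come before the portmap rule.
map rl0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp

# TCP and UDP: rewrite source ports into a fixed range so that several
# internal hosts can share the one external address.
map rl0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000

# Everything else (ICMP and other protocols): the rule from the question.
map rl0 10.0.0.0/24 -> 0/32

# rdr goes in this file too: forward inbound port 80 to an internal host.
# The filter rules in /etc/ipf.rules still have to pass this traffic.
rdr rl0 0.0.0.0/0 port 80 -> 10.0.0.5 port 80 tcp

# Load by hand with the same command rc.conf uses:
#   /sbin/ipnat -CF -f /etc/ipnat.rules
# List the rules and active translations the kernel holds:
#   /sbin/ipnat -l
```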