Date: Mon, 8 Oct 2007 10:22:56 +0200 From: Paolo Pisati <piso@freebsd.org> To: "Andrey V. Elsukov" <bu7cher@yandex.ru> Cc: Randy Bush <randy@psg.com>, FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: ipfw nat befuddlement Message-ID: <20071008082256.GA9098@tin.it> In-Reply-To: <4709D647.1050803@yandex.ru> References: <4708D2EE.4010405@psg.com> <4709D44E.5050305@psg.com> <4709D647.1050803@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 08, 2007 at 11:03:35AM +0400, Andrey V. Elsukov wrote: > Randy Bush wrote: >> # grep -n nat /etc/ipfw.rules >> 33:add nat 123 all from any to any >> 34:add nat 123 config if vr0 > ^^^^^^^^ - add is not needed here. ipfw nat crash course: echo "net.inet.ip.fw.one_pass=0" >> /etc/sysctl.conf and manually add: ipfw nat 123 config if $IF log ipfw add nat 123 ip4 from any to any via $IF or substisute natd_enable/natd_interface in rc.conf with: firewall_nat_enable="yes" firewall_nat_interface="$IF" Done. bye, P.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071008082256.GA9098>