Date: Sun, 14 Nov 2004 13:42:19 +0000
From: John Murphy <sub01@freeode.co.uk>
To: questions@FreeBSD.ORG
Subject: Re: Natd/Gateway=yes vs 5.3
Message-ID: <jimep0t1dji0ct3cv2u5n7jkn829c56b0v@4ax.com>

Francisco Reyes wrote:

>Migrating a 4.10 box.
>Copied data to a second drive.
>Installed 5.3
>Changed kernel to add
>
>options IPFIREWALL
>options IPFIREWALL_VERBOSE
>options "IPFIREWALL_VERBOSE_LIMIT"=50
>options IPDIVERT
>
>In /etc/rc.conf have
>firewall_enable="YES"
>firewall_logging="YES" # Set to YES to enable events logging
>firewall_quiet="NO"
>firewall_type="open"
>gateway_enable="YES"
>natd_enable="YES" # Enable natd (if firewall_enable == YES).
>natd_flags="-f /etc/natd.conf" # Set rules file for the NAT daemon
>natd_interface="ed0"

I've been reading the (excellent) firewall section of the handbook at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

Section 14.9.6.3 /etc/rc.conf Options says:

  If you don't have IPFW compiled into your kernel you will need to
  load it with the following statement in your /etc/rc.conf:

  firewall_enable="YES"

Perhaps you have two ipfws, the kld and the one in the kernel.

Section 14.9.6.5.7 An Example NAT and Stateful Ruleset says:

  The kernel source needs 'option divert' statement added to the other
  IPFIREWALL statements compiled into a custom kernel.

So I guess that supersedes your "options IPDIVERT" entry.

-- 
HTH, John.