Date:      Sat, 28 Oct 2000 22:12:35 -0700
From:      UCTC Sysadmin <support@transbay.net>
To:        Peter Kasala <peter.kasala@heitec.sk>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Konfigure Kernel (how to make NAT work)
Message-ID:  <39FBB1C3.569C940C@transbay.net>
References:  <001101c03f24$a4d10c30$3a00a8c0@slowakei>

> Peter Kasala wrote:
> 
> Hi I run the natd program, but I don't find a configure file natd.conf, but I must rewrite this file.
> I compile the kernel with ipfw option, but I know'n compile kernel with any option natd too.
> Must I compile kernel? and which is the option?
> If I no compile kernel where I found configure file, I must it!!

You don't need a natd.conf file if you use the defaults.
If you want to remap specific services (port numbers) to
specific addresses, you need the file. You have to write
the file. "man natd.conf" if you really need the file,
but bread-and-butter NAT you don't.
The file is /etc/natd.conf.

The flags I use for natd are -m -s -u. If you are using FreeBSD 4+,
/etc/rc.conf has labels to enable natd and you would insert those
flags in the NATD_FLAGS= label. Then I think even the /etc/rc.firewall
file will enable the necessary firewall rule for NAT.

The kernel config file, you need

option IPDIVERT
option IPFIREWALL

I would also suggest

option IPFIREWALL_DEFAULT_TO_ACCEPT
option IPFIREWALL_LOG_LIMIT-whatever, turn it off (don't use it)

read the LINT file to see the correct names for these options.

The LOG_LIMIT thing, you can always set a limit later using
sysctl command and if you have a 'deny log' rule to catch bad guys
you probably would like to see each and every hit logged.

-ecsd@transbay.net
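
An audit of a gateway against the prerequisites listed in the message above. This is an added example, not part of the original e-mail. The variable names gateway_enable, firewall_enable, natd_enable, natd_interface and natd_flags are the rc.conf(5) spellings rather than the message's, and the sample files are constructed:

```shell
#!/bin/sh
# Added example: audit a kernel config and rc.conf for natd prerequisites.

# has_option FILE NAME: true if FILE has an uncommented "option(s) NAME" line.
has_option() {
    grep -Eq "^[[:space:]]*options?[[:space:]]+$2([[:space:]=#]|\$)" "$1"
}

# rc_value FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# nat_audit KERNCONF RCCONF: print findings, return the count of MISSING items.
nat_audit() {
    missing=0
    for opt in IPFIREWALL IPDIVERT; do
        has_option "$1" "$opt" ||
            { echo "MISSING kernel option $opt"; missing=$((missing + 1)); }
    done
    # rc.conf(5) variable names (lower case); assumed, not quoted from the message.
    for var in gateway_enable firewall_enable natd_enable; do
        case "$(rc_value "$2" "$var")" in
            [Yy][Ee][Ss]) ;;
            *) echo "MISSING $var=\"YES\""; missing=$((missing + 1)) ;;
        esac
    done
    [ -n "$(rc_value "$2" natd_interface)" ] ||
        { echo "MISSING natd_interface"; missing=$((missing + 1)); }
    # Not counted as missing: with this option an empty or failed ruleset
    # leaves the gateway passing all traffic.
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "NOTE default policy is accept"
    fi
    return "$missing"
}

# Constructed sample: a config that forgot IPDIVERT and natd_interface.
sample_audit() {
    dir=$(mktemp -d) || return 99
    printf '%s\n' 'options IPFIREWALL' '#options IPDIVERT' \
        'options IPFIREWALL_DEFAULT_TO_ACCEPT' > "$dir/KERNEL"
    printf '%s\n' 'gateway_enable="YES"' 'firewall_enable="YES"' \
        'natd_enable="YES"' 'natd_flags="-m -s -u"' > "$dir/rc.conf"
    rc=0; nat_audit "$dir/KERNEL" "$dir/rc.conf" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

sample_audit || echo "missing items: $?"
```

The check reads only the static kernel config file, so it does not see a firewall loaded as a module.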