Message-ID: <39FBB1C3.569C940C@transbay.net>
Date: Sat, 28 Oct 2000 22:12:35 -0700
From: UCTC Sysadmin
Organization: UC Telecommunications Company
To: Peter Kasala
Cc: freebsd-questions@freebsd.org
Subject: Re: Konfigure Kernel (how to make NAT work)
References: <001101c03f24$a4d10c30$3a00a8c0@slowakei>

> Peter Kasala wrote:
>
> Hi I run the natd program, but I don't find a configure file natd.conf, but I must rewrite this file.
> I compile the kernel with ipfw option, but I know'n compile kernel with any option natd too.
> Must I compile kernel? and which is the option?
> If I no compile kernel where I found configure file, I must it!!

You don't need a natd.conf file if you use the defaults. If you want to remap specific services (port numbers) to specific addresses, you need the file. You have to write the file. "man natd.conf" if you really need the file, but for bread-and-butter NAT you don't. The file is /etc/natd.conf.

The flags I use for natd are -m -s -u. If you are using FreeBSD 4+, /etc/rc.conf has labels to enable natd and you would insert those flags in the NATD_FLAGS= label. Then I think even the /etc/rc.firewall file will enable the necessary firewall rule for NAT.
The kernel config file, you need

    option IPDIVERT
    option IPFIREWALL

I would also suggest

    option IPFIREWALL_DEFAULT_TO_ACCEPT
    option IPFIREWALL_LOG_LIMIT-whatever, turn it off (don't use it)

read the LINT file to see the correct names for these options. The LOG_LIMIT thing, you can always set a limit later using sysctl command and if you have a 'deny log' rule to catch bad guys you probably would like to see each and every hit logged.

-ecsd@transbay.net
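
Added example, not part of the original message: a small sh script that checks a kernel config file and an rc.conf for the settings discussed in the reply above. It assumes the lower-case rc.conf variable names natd_enable and natd_flags from FreeBSD's /etc/defaults/rc.conf; the function names, the sample file contents and the ed0 interface are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a kernel config and rc.conf for the NAT settings
# named in the mail. All file contents are constructed samples.

# has_option FILE NAME: succeeds if an uncommented "options NAME" line exists
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]=#]|\$)" "$1"
}

# rc_value FILE VAR: prints the last value assigned to VAR, quotes stripped
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# audit_nat KERNCONF RCCONF: prints one finding per line
audit_nat() {
    for opt in IPFIREWALL IPDIVERT; do
        if has_option "$1" "$opt"; then echo "OK $opt"; else echo "MISSING $opt"; fi
    done
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        # final rule allows everything, so filtering depends on explicit deny rules
        echo "WARN default-accept: ruleset needs explicit deny rules"
    else
        # final rule denies everything, so natd traffic needs explicit pass rules
        echo "NOTE default-deny: ruleset needs explicit pass rules"
    fi
    case "$(rc_value "$2" natd_enable)" in
        [Yy][Ee][Ss]) echo "OK natd_enable flags='$(rc_value "$2" natd_flags)'" ;;
        *) echo "MISSING natd_enable" ;;
    esac
}

# demo: run the audit on constructed files (IPDIVERT deliberately commented out)
demo() {
    d=$(mktemp -d)
    printf 'options\t\tIPFIREWALL\n#options\t\tIPDIVERT\n' > "$d/KERN"
    printf 'options\t\tIPFIREWALL_DEFAULT_TO_ACCEPT\n' >> "$d/KERN"
    printf 'gateway_enable="YES"\nnatd_enable="YES"\n' > "$d/rc.conf"
    printf 'natd_interface="ed0"\nnatd_flags="-m -s -u"\n' >> "$d/rc.conf"
    audit_nat "$d/KERN" "$d/rc.conf"
    rm -rf "$d"
}

demo
```

On a real host, call audit_nat with the path of your own kernel config file and /etc/rc.conf.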