Date: Thu, 8 Apr 2010 08:10:34 -0400 From: Robert Huff <roberthuff@rcn.com> To: Adam Vande More <amvandemore@gmail.com> Cc: Gary Dunn <osp@aloha.com>, Robert Huff <roberthuff@rcn.com>, freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Kernel Config for NAT Message-ID: <19389.51130.108457.400747@jerusalem.litteratus.org> In-Reply-To: <o2s6201873e1004072155ie746928cx5faac5d3f8e1d8ef@mail.gmail.com> References: <201004080252.o382qFH7019790@leka.aloha.com> <x2m6201873e1004072052u88a62b4eo7d1e9a457240937a@mail.gmail.com> <19389.23404.649946.265403@jerusalem.litteratus.org> <o2s6201873e1004072155ie746928cx5faac5d3f8e1d8ef@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Adam Vande More writes: > > If compiled into the kernel, there's a set of optional settings > > (VERBOSE, LOG_LINIT, DEFAULT_TO_ACCEPT, etc) that can be set there. > > If using the module, how does one set these? > > > Logging is compiled into the modules and there are a few sysctl's. AFAIK, > everything else is the same. > > http://www.freebsd.org/doc/handbook/firewalls-ipfw.html So ... double-checking I'm doing this right: 1) in /boot/loader.conf: ipfw_load="YES" ipdivert_load="YES" 2) in the kernel config: #options IPFIREWALL #firewall #options IPFIREWALL_VERBOSE #enable logging to syslogd(8) #options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity #options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default #options IPDIVERT #options IPFIREWALL_NAT #ipfw kernel nat support options LIBALIAS # required for NAT 3) in /etc/sysctl.conf: net.inet.ip.fw.default_to_accept="1" net.inet.ip.fw.verbose="1" net.inet.ip.fw.verbose_limit="100" That cover it? Robert Huff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19389.51130.108457.400747>