Date:      Thu, 8 Apr 2010 10:57:04 -0500
From:      Adam Vande More <amvandemore@gmail.com>
To:        Robert Huff <roberthuff@rcn.com>
Cc:        Gary Dunn <osp@aloha.com>, freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Kernel Config for NAT
Message-ID:  <y2m6201873e1004080857q79d0ab30r93d1e5e8bb30d2b8@mail.gmail.com>
In-Reply-To: <19389.51130.108457.400747@jerusalem.litteratus.org>
References:  <201004080252.o382qFH7019790@leka.aloha.com> <x2m6201873e1004072052u88a62b4eo7d1e9a457240937a@mail.gmail.com> <19389.23404.649946.265403@jerusalem.litteratus.org> <o2s6201873e1004072155ie746928cx5faac5d3f8e1d8ef@mail.gmail.com> <19389.51130.108457.400747@jerusalem.litteratus.org>

On Thu, Apr 8, 2010 at 7:10 AM, Robert Huff <roberthuff@rcn.com> wrote:

>
> 1) in /boot/loader.conf:
>
> ipfw_load="YES"
> ipdivert_load="YES"
>
> 2) in the kernel config:
>
> #options  IPFIREWALL              #firewall
> #options  IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
> #options  IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
> #options  IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
> #options  IPDIVERT
> #options  IPFIREWALL_NAT          #ipfw kernel nat support
> options  LIBALIAS                               # required for NAT
>
> 3) in /etc/sysctl.conf:
>
> net.inet.ip.fw.default_to_accept="1"
> net.inet.ip.fw.verbose="1"
> net.inet.ip.fw.verbose_limit="100"
>

That's actually a good question considering the lack of documentation.  If
that works then great, but one wonders what the ipfw_nat module is for?
...
Looks like it's tied into libalias, apparently a replacement for natd.

http://wiki.freebsd.org/Libalias

That seems to be a major problem with those GSoC projects: even if they get
something good working, there is frequently no documentation with it.  Then
it sits there mostly unused waiting for bitrot to set in.  I don't know the
structure of GSoC, but if it's possible for the mentor to *strongly*
encourage documentation checkpoints (manpages, not wiki) I think these
projects would be better utilized.

-- 
Adam Vande More


