From: Adam Vande More
To: Robert Huff
Cc: Gary Dunn, freebsd-questions
Date: Thu, 8 Apr 2010 10:57:04 -0500
Subject: Re: Kernel Config for NAT

On Thu, Apr 8, 2010 at 7:10 AM, Robert Huff wrote:

>
> 1) in /boot/loader.conf:
>
> ipfw_load="YES"
> ipdivert_load="YES"
>
> 2) in the kernel config:
>
> #options IPFIREWALL #firewall
> #options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
> #options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
> #options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
> #options IPDIVERT
> #options IPFIREWALL_NAT #ipfw kernel nat support
> options LIBALIAS # required for NAT
>
> 3) in /etc/sysctl.conf:
>
> net.inet.ip.fw.default_to_accept="1"
> net.inet.ip.fw.verbose="1"
> net.inet.ip.fw.verbose_limit="100"
>

That's actually a good question considering the lack of documentation. If that works then great, but one wonders what the ipfw_nat module is for? ... looks like it's tied into libalias, apparently a replacement for natd.

http://wiki.freebsd.org/Libalias

That seems to be a major problem with those GSoC projects: even if they get something good working, there is frequently no documentation with it. Then it sits there mostly unused, waiting for bitrot to set in. I don't know the structure of GSoC, but if it's possible for the mentor to *strongly* encourage documentation checkpoints (manpages, not wiki) I think these projects would be better utilized.

--
Adam Vande More