Date:      Tue, 01 May 2001 00:46:54 -0600
From:      Wes Peters <wes@softweyr.com>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        Jesús Arnáiz <jesus@pasapues.com>, questions@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject:   Re: NAT and IPFiltering
Message-ID:  <3AEE5BDE.ACB3F3A5@softweyr.com>
References:  <EPEJLCLAKFDENCGMPJJDAECPDFAA.jesus@pasapues.com> <200104262321.f3QNLpx61257@earth.backplane.com>

Matt Dillon wrote:
> 
> :Hi!
> :
> :I'm configuring a server able to do NAT and IP FILTERING (IPF).
> :
> :What are the required options that I should set to the kernel?
> :
> :I have this:
> :...
> :Jesús Arnáiz
> 
>     I think all you need is:
> 
>         options         IPFIREWALL
>         options         IPDIVERT

Those are for ipfw/natd.  For ipfilter, you need:

>     I usually also have (because it is useful):
> 
>         options         IPFILTER

If you want to use ipmon to log ipf actions, you'll need:

	options		IPFILTER_LOG

The default state in ipf is open; you can change it to block with:

	options		IPFILTER_DEFAULT_BLOCK

That's it.  ipnat uses ipfilter in the kernel and requires only the 
IPFILTER option.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
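
Added example, not part of the original message: a small shell audit that reads a kernel config file and reports which of the options named in this thread are set. The function names, the sample config and the pass/fail rule (ipf compiled in and default block) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a FreeBSD kernel config file
# for the packet-filter options discussed above.

# has_opt FILE NAME: succeed if "options NAME" or "options NAME=value" is
# present. Comments are stripped and names are compared whole, so
# IPFILTER_LOG does not count as IPFILTER.
has_opt() {
    sed 's/#.*//' "$1" | awk -v want="$2" '
        $1 == "options" { n = $2; sub(/=.*/, "", n); if (n == want) found = 1 }
        END { exit !found }'
}

# audit_kernconf FILE: print a report; return 0 only when ipf is compiled
# in and fails closed (that pass/fail policy is this example's assumption).
audit_kernconf() {
    has_opt "$1" IPFILTER || { echo "ipf/ipnat: missing IPFILTER"; return 1; }
    echo "ipf/ipnat: compiled in"
    if has_opt "$1" IPFILTER_LOG; then
        echo "ipmon logging: available"
    else
        echo "ipmon logging: missing IPFILTER_LOG"
    fi
    if has_opt "$1" IPFIREWALL && has_opt "$1" IPDIVERT; then
        echo "ipfw/natd: also compiled in"
    fi
    if has_opt "$1" IPFILTER_DEFAULT_BLOCK; then
        echo "ipf default: block"
    else
        echo "ipf default: open"
        return 1
    fi
}

# Constructed sample config, not a real system's file.
sample_conf() {
    cat <<'EOF'
ident    GATEWAY
options  IPFILTER               # ipf and ipnat
options  IPFILTER_LOG           # ipmon
#options IPFILTER_DEFAULT_BLOCK
options  IPFIREWALL             # no IPDIVERT, so no natd
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" &&
    { audit_kernconf "$tmp" || echo "result: not fail-closed"; }
rm -f "$tmp"
```

The commented-out IPFILTER_DEFAULT_BLOCK line in the sample is the case to watch for: the kernel builds and filters, but anything the ruleset does not match is passed.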
