Date: Tue, 01 May 2001 00:46:54 -0600 From: Wes Peters <wes@softweyr.com> To: Matt Dillon <dillon@earth.backplane.com> Cc: =?iso-8859-1?Q?Jes=FAs=20Arn=E1iz?= <jesus@pasapues.com>, questions@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: NAT and IPFiltering Message-ID: <3AEE5BDE.ACB3F3A5@softweyr.com> References: <EPEJLCLAKFDENCGMPJJDAECPDFAA.jesus@pasapues.com> <200104262321.f3QNLpx61257@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Dillon wrote: > > :Hi! > : > :I'm configuring a server able to do NAT and IP FILTERING (IPF). > : > :What are the required options that I should set to the kernel? > : > :I have this: > :... > :Jesús Arnáiz > > I think all you need is: > > options IPFIREWALL > options IPDIVERT Those are for ipfw/natd. For ipfilter, you need: > I usually also have (because it is useful): > > options IPFILTER If you want to use ipmon to log ipf actions, you'll need: options IPFILTER_LOG The default state in ipf is open, you can change it to block with: options IPFILTER_DEFAULT_BLOCK That's it. ipnat uses ipfilter in the kernel and requires only the IPFILTER option. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AEE5BDE.ACB3F3A5>