From: Wes Peters
Date: Tue, 01 May 2001 00:46:54 -0600
To: Matt Dillon
Cc: Jesús Arnáiz, questions@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: NAT and IPFiltering

Matt Dillon wrote:
>
> :Hi!
> :
> :I'm configuring a server able to do NAT and IP FILTERING (IPF).
> :
> :What are the required options that I should set to the kernel?
> :
> :I have this:
> :...
> :Jesús Arnáiz
>
>     I think all you need is:
>
>     options IPFIREWALL
>     options IPDIVERT

Those are for ipfw/natd.  For ipfilter, you need:

>     I usually also have (because it is useful):
>
>     options IPFILTER

If you want to use ipmon to log ipf actions, you'll need:

    options IPFILTER_LOG

The default state in ipf is open, you can change it to block with:

    options IPFILTER_DEFAULT_BLOCK

That's it.  ipnat uses ipfilter in the kernel and requires only the
IPFILTER option.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters, Softweyr LLC
wes@softweyr.com
http://softweyr.com/
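An added example, not part of the original message or of FreeBSD: a small sh audit that reads a kernel configuration file and reports which of the options discussed above are set, flagging the default-open case. The function names `has_option` and `audit_kernconf` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Audit a kernel config file for the ipfilter options named in this thread.

# has_option FILE NAME: succeeds if an uncommented "options NAME" line exists.
# Handles trailing "#" comments, tabs, quoted names and NAME=value forms.
has_option() {
    sed 's/#.*//' "$1" | awk -v want="$2" '
        $1 == "options" {
            name = $2
            gsub(/"/, "", name)
            split(name, kv, "=")
            if (kv[1] == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# audit_kernconf FILE: prints one finding per line.
audit_kernconf() {
    conf=$1
    if has_option "$conf" IPFILTER; then
        echo "ipfilter: compiled in (enough for ipf and ipnat)"
        if has_option "$conf" IPFILTER_LOG; then
            echo "logging: IPFILTER_LOG set, ipmon can log ipf actions"
        else
            echo "logging: IPFILTER_LOG missing, ipmon cannot log ipf actions"
        fi
        if has_option "$conf" IPFILTER_DEFAULT_BLOCK; then
            echo "default: block"
        else
            echo "default: open (IPFILTER_DEFAULT_BLOCK not set)"
        fi
    else
        echo "ipfilter: not compiled in"
    fi
    if has_option "$conf" IPFIREWALL || has_option "$conf" IPDIVERT; then
        echo "note: IPFIREWALL/IPDIVERT belong to ipfw/natd, not ipfilter"
    fi
}

# Constructed sample config: the default-block line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options		IPFILTER
options		IPFILTER_LOG		# for ipmon
#options	IPFILTER_DEFAULT_BLOCK
options		IPDIVERT
EOF
audit_kernconf "$sample"
rm -f "$sample"
```

A config with `IPFILTER` but without `IPFILTER_DEFAULT_BLOCK` passes all traffic until a ruleset is loaded, which is the case the "default: open" line is meant to surface.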