From owner-freebsd-questions@FreeBSD.ORG Thu Apr 8 03:52:45 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F3C33106564A for ; Thu, 8 Apr 2010 03:52:44 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.25]) by mx1.freebsd.org (Postfix) with ESMTP id AB17E8FC0A for ; Thu, 8 Apr 2010 03:52:44 +0000 (UTC) Received: by qw-out-2122.google.com with SMTP id 5so520993qwi.7 for ; Wed, 07 Apr 2010 20:52:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:cc:content-type; bh=GHeqAhgROB/UMmV3jwiwLZx+3TauTdLsjQFvrEPP/3g=; b=porty5Ftb6qFncGDnr5cnlPR1afdlY37QYzpg4PXdSg6Ytf71tPcezkxeHIAATiclg dA5lEO6BE4SoQ9wdKD5mS5hVonJjSmJOpNZGGqos63gBOCWWSSHhNVUTSSuKEhftV8Mb 6JqURr4pqJAaNQG0OKJmSGreO11rPCJYQEyyA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=Voujq7SASdFm63s+DJQkKvqeTqx6Lix/RO1zM8Z5BlnVNWDm7QtAgjAWz7oDWvpY0S FcpqLN7S+cLfmXqPP2Dw7nRZ4WZSGrHXUU5DrXIw/jwDZaJnEXw2f7WtI4vszp2kOXD5 Z+zf5m1Ga6BelWJ8xC84vzddZgoD/DYXiml0c= MIME-Version: 1.0 Received: by 10.229.85.147 with HTTP; Wed, 7 Apr 2010 20:52:43 -0700 (PDT) In-Reply-To: <201004080252.o382qFH7019790@leka.aloha.com> References: <201004080252.o382qFH7019790@leka.aloha.com> Date: Wed, 7 Apr 2010 22:52:43 -0500 Received: by 10.229.217.148 with SMTP id hm20mr15261002qcb.38.1270698763935; Wed, 07 Apr 2010 20:52:43 -0700 (PDT) Message-ID: From: Adam Vande More To: Gary Dunn Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions Subject: Re: Kernel Config for NAT X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Apr 2010 03:52:45 -0000 On Wed, Apr 7, 2010 at 9:51 PM, Gary Dunn wrote: > I am setting up a router to share one Wi-Fi link between a few computers > that only support CAT-5. Like a wireless access point except wired and > wireless sides are reversed. My question is about the ipfw packet filter. > >From the handbook section on NAT, 31.9.3, I can achieve what I need with > boot loader options. Section 31.9.4 describes alternatives for building a > custom kernel. In contrast, the chapter on ipfw states several times that > NAT requires a custom kernel - 30.6.1, 30.6.2, 30.6.5.7. > > I want to use freebsd-update and building a custom kernel eliminates that > option. > > Which is correct? Do I need to build a custom kernel to use NAT? > You don't need to do build a custom kernel anymore, that's a relatively recent change. Another option is to use pf instead ipfw since it has built-in NAT. I'm not saying you should change as your current path has worked great for me for many years. -- Adam Vande More