Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 1 Jul 2001 02:28:14 -0400
From:      Isaac Mushinsky <itz@mushinsky.net>
To:        "freebsd-questions" <freebsd-questions@freebsd.org>
Cc:        tyler spivey <tspivey8@home.com>
Subject:   Re: ipfw
Message-ID:  <01070102281403.73812@omsk.mushinsky.net>
next in thread | raw e-mail | index | archive | help 
On Saturday 30 June 2001 16:50, you wrote:
> place cc me sicne i am not on this list.
> how do i get nat on ipf?
> it says unknown keyword map.
> map rl0 10.0.0.0/24 -> 0/32
> it worked under ipfw.
> and ihave natd_enable and all that in rc.conf.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

In your kernel config file you shoud have
options=09        IPFIREWALL
options         IPDIVERT
also possibly
options         MROUTING
options         IPFIREWALL_FORWARD
options         IPV6FIREWALL

if not, recompile kernel with these.
Now use ipfw. For example, I have 2 ethernet cards on the firewall: rl0 g=
oes
 to DSL modem and dc0 to another box. For a wide open diversion use $ ipf=
w -f
 flush
$ ipfw add divert 8668 all from any to any via rl0
$ ipfw add allow all from any to any
$ /sbin/natd

To set this up on boot, here is my rc.conf:

inetd_enable=3D"YES"
ifconfig_rl0=3D"inet xxx.xxx.xxx.xxx  netmask 255.255.255.0"    <<<< my s=
tatic
 IP address there defaultrouter=3D"xxx.xxx.xxx.1"
                            <<<< gateway from my ISP tcp_extensions=3D"YE=
S"
nisdomainname=3D"NO"
network_interfaces=3D"ppp0 rl0 dc0 lo0"
ifconfig_dc0=3D"inet 192.168.2.100  netmask 255.255.255.0"
ipv6_enable=3D"YES"
firewall_enable=3D"YES"
natd_program=3D"/sbin/natd"
natd_interface=3D"rl0"
natd_enable=3D"YES"

and rc.network:
/sbin/ipfw -f flush
/sbin/ipfw add divert 8668 all from any to any via rl0
/sbin/ipfw add allow all from any to any

-------------------------------------------------------

-------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01070102281403.73812>