Date: Wed, 7 Jan 2004 07:41:50 -0600
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "C. Kukulies" <kuku@www.kukulies.org>, <freebsd-current@freebsd.org>
Subject: Re: IPDIVERT IPFIREWALL
Message-ID: <002a01c3d524$011ea3b0$d037630a@nic.target.com>
References: <200401061735.i06HZYk4082395@www.kukulies.org>

C. Kukulies wrote:
> Just a question: Are IPDIVERT and IPFIREWALL still valid options to enable
> NAT and firewall in the kernel or have they been deprecated.
>
> Just built a kernel with these options and it always gives
> permission denied when I want to ping to some address.
>
> Could someone give me a short advice which way to go with the
> following configuration:
>
>
> Internet--------DSL--------FreeBSD gateway------Wlan (((((((((
>                 192.168.254.x pppoe with -nat option
>                                   |
>                                   |
>                            LAN 192.168.0.x
>                                   |
>                                   |
>                            other machines that want to
>                            use e.g. port 16967-16969 (squidcam)
>
>
> I have no firewall active at present. NAT to the WLAN works fine.
> But when I want to do also NAT to the LAN, I wonder what the way to
> go would be best?
>
> Run natd? Do it just by rc.firewall?

The default for firewall rules is to deny all traffic. There are two ways
around this. You can enable the firewall or you can default the rules to
accept by building option options IPFIREWALL_DEFAULT_TO_ACCEPT into your
kernel (not recommended).

Take a look at /etc/rc.firewall for more information ..... RTM

Tom Veldhouse
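
The three states the reply distinguishes can be told apart from the output of `ipfw list`. The following is an added example, not part of the original message: the function name and the sample listings are constructed for illustration, and the listings follow the format `ipfw list` prints.

```sh
#!/bin/sh
# Classify an ipfw ruleset listing by its default rule.
# Rule 65535 is the kernel's built-in default rule and is always last.
# On a live gateway (as root): classify_ruleset "$(ipfw list)"

classify_ruleset() {
    # $1: text in the format printed by `ipfw list`
    default_action=""
    loaded=0
    while read -r num action _rest; do
        if [ -z "$num" ]; then
            continue                      # skip blank lines
        fi
        if [ "$num" = "65535" ]; then
            default_action=$action        # "deny" unless built default-to-accept
        else
            loaded=$((loaded + 1))        # any rule added by rc.firewall or by hand
        fi
    done <<EOF
$1
EOF
    case "$default_action" in
        allow) echo "default-accept" ;;   # IPFIREWALL_DEFAULT_TO_ACCEPT kernel
        deny)
            if [ "$loaded" -eq 0 ]; then
                echo "default-deny-no-rules"    # everything blocked, ping is refused
            else
                echo "default-deny-with-rules"  # firewall enabled, ruleset loaded
            fi ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample listings (not captured from the poster's machine).
SAMPLE_BARE='65535 deny ip from any to any'
SAMPLE_ACCEPT='65535 allow ip from any to any'
SAMPLE_OPEN='00050 divert 8668 ip from any to any via tun0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any'

for sample in "$SAMPLE_BARE" "$SAMPLE_ACCEPT" "$SAMPLE_OPEN"; do
    classify_ruleset "$sample"
done
```

A result of default-deny-no-rules matches the situation in the question: IPFIREWALL is compiled in but no ruleset has been loaded, so only the built-in deny rule applies.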