Date:      Mon, 6 Mar 2000 10:28:06 +1300
From:      "Dan Langille" <dan@freebsddiary.org>
To:        "Phastnet" <phastnet@bellsouth.net>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Re: switch from natd to ipnat
Message-ID:  <200003052128.KAA79660@ducky.nz.freebsd.org>
In-Reply-To: <005301bf8608$de8ff560$02ac14ac@mia.bellsouth.net>

On 4 Mar 00, at 13:37, Phastnet wrote:

> Thanks for the help! I now have it working great! Active FTPs work
> perfectly now :)  Your website helped a ton, but I did notice one thing you
> MIGHT want to change on your site.  When I was reading on your page how to
> set up ipfilter (http://www.freebsddiary.org/ipfilter334.html), you said to
> "Remember to add kernel support for ipnat before recompiling." So I added
> "options IPFILTER" like you say to do on your ipnat page, then went back to
> install ipfilter. When I did step #3: run "FreeBSD-3/ kinstall" , it asked
> if it could modify MYKERNEL for me. I allowed it to do it, then went and
> checked what it did. The only thing I could find changed was the addition
> of 2 more lines:
>
> options    IPFILTER
> options    IPFILTER_LOG

Good point.  I've added this to http://www.freebsddiary.org/ipnat.html:

The following instructions apply only if you are adding only ipnat and *not* 
adding IP Filter.  The IP Filter installation process will do the following 
steps for you.

> 
> the line I added for ipnat was also still there, so I just deleted it since
> it was now a duplicate.  I rebuilt the kernel, rebooted, and everything
> worked sweet after I ran "ipnat -f /etc/ipnat.conf". I didn't run "ipf -f 
> /etc/ipf.conf", because everything started working without it.  Should I be
> running that too? I haven't set up my rules yet, maybe this is why I don't
> notice anything wrong yet?

Perhaps your system already has a startup for ipnat in /usr/local/etc/rc.d.

> anyways, I converted from using ipfw/natd to this setup, which is what
> other people probably do too their first time, so I wanted to know what I
> could remove so that ipfw/natd isn't activated anymore. Here's what I did:
> 
> removed the natd options from rc.conf
> 
> this stopped natd from working, but in the dmesg, I still saw a lot of stuff
> from ipfw. So, I looked up in "The Complete FreeBSD" what I did to enable
> natd to begin with. I removed these 2 options from MYKERNEL and rebuilt it:
>
> options IPFIREWALL
> options IPDIVERT

Above is mentioned at http://www.freebsddiary.org/ipfilter.html under 
"removing natd/ipfw".  I've added a cross reference to this from the 
article you were reading (http://www.freebsddiary.org/ipfilter334.html).

> I was afraid ipf/ipnat might need these, but it all appears to still work
> fine! and the dmesg output looks better now.
> 
> Did I do it all right? Is there anything else I can remove from the old
> ipfw/natd setup? Thanks again for your help!!

It sounds right to me.  If all is working well, and you're having no 
problems, It Must Be Right (TM).

Thanks for the suggestions.
--
Dan Langille - DVL Software Limited [I'm looking for more work]
http://www.dvl-software.com/ |  http://www.unixathome.org/
http://www.racingsystem.com/ |  http://www.freebsddiary.org/
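
The cleanup discussed in this thread (a duplicate `options IPFILTER` line, leftover `IPFIREWALL`/`IPDIVERT` options, natd settings in rc.conf) can be checked mechanically. The script below is an added example, not part of the original message or of the FreeBSD Diary articles. The function names and sample files are constructed for illustration, and matching on `IPFIREWALL_*` variants and on the `natd_*` rc.conf prefix is an assumption drawn from FreeBSD rather than from the thread.

```shell
#!/bin/sh
# Added example: post-migration audit for a host moved from ipfw/natd to ipf/ipnat.

# Option names declared in a kernel config, one per line (comments, quotes, =value stripped).
kernel_options() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "options" && NF >= 2 { gsub(/"/, "", $2); sub(/=.*/, "", $2); print $2 }'
}

# Options declared more than once, e.g. IPFILTER added by hand and again by kinstall.
duplicate_options() {
    kernel_options "$1" | sort | uniq -d
}

# ipfw/natd kernel options still compiled in (IPFIREWALL, its IPFIREWALL_* variants, IPDIVERT).
leftover_ipfw_options() {
    kernel_options "$1" | grep -E '^(IPFIREWALL(_.*)?|IPDIVERT)$' | sort -u
}

# Uncommented natd_* settings left in rc.conf.
leftover_natd_rc() {
    grep -E '^[[:space:]]*natd_[a-z_]+=' "$1" || true   # no match is not an error
}

# Constructed sample files (not taken from the thread).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/MYKERNEL" <<'EOF'
options     INET            # InterNETworking
options     IPFILTER        # added by hand for ipnat
options     IPFIREWALL      # old ipfw setup
options     IPDIVERT        # old natd setup
#options    IPFIREWALL_VERBOSE
options     IPFILTER        # added again by kinstall
options     IPFILTER_LOG
EOF
cat > "$demo_dir/rc.conf" <<'EOF'
hostname="gw.example.org"
natd_enable="YES"
#natd_flags=""
natd_interface="ed0"
EOF

echo "duplicate options:";   duplicate_options "$demo_dir/MYKERNEL"
echo "ipfw/natd leftovers:"; leftover_ipfw_options "$demo_dir/MYKERNEL"
echo "natd in rc.conf:";     leftover_natd_rc "$demo_dir/rc.conf"
```

An empty result from all three functions means the kernel config and rc.conf no longer reference the old ipfw/natd setup.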
