From owner-freebsd-hackers Mon Jan 13 14:19:18 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA09994 for hackers-outgoing; Mon, 13 Jan 1997 14:19:18 -0800 (PST) Received: from plains.nodak.edu (tinguely@plains.NoDak.edu [134.129.111.64]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA09976 for ; Mon, 13 Jan 1997 14:19:01 -0800 (PST) Received: (from tinguely@localhost) by plains.nodak.edu (8.8.4/8.8.3) id QAA13145; Mon, 13 Jan 1997 16:18:34 -0600 (CST) Date: Mon, 13 Jan 1997 16:18:34 -0600 (CST) From: Mark Tinguely Message-Id: <199701132218.QAA13145@plains.nodak.edu> To: avalon@coombs.anu.edu.au Subject: Re: IPFILTER Cc: brian@awfulhak.demon.co.uk, chris@mail.bb.cc.wa.us, hackers@FreeBSD.org Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > ICMP is now (but it doesn't rewrite the headers in error packets). good. > > Also, to get a successful remapping for IP application, be sure that you > > turned on the IP forwarding on the NAT host (ie: > > > > sysctl -w net.inet.ip.forwarding=1 > > > > ). > > even better, for things like ftp which have address data in the TCP stream, > use a proxy. net.inet.ip.forwarding tells FreeBSD it is a IP router and that it should forward packets from one interface to another. NAT translates the IP packet but FreeBSD will eat the translate packet unless told to forward it. --mark.