From owner-freebsd-questions@FreeBSD.ORG  Wed Apr 11 12:12:10 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 101DE106564A
	for <freebsd-questions@freebsd.org>;
	Wed, 11 Apr 2012 12:12:10 +0000 (UTC)
	(envelope-from roberthuff@rcn.com)
Received: from smtp02.lnh.mail.rcn.net (smtp02.lnh.mail.rcn.net
	[207.172.157.102])
	by mx1.freebsd.org (Postfix) with ESMTP id BE12A8FC0C
	for <freebsd-questions@freebsd.org>;
	Wed, 11 Apr 2012 12:12:09 +0000 (UTC)
Received: from mr16.lnh.mail.rcn.net ([207.172.157.36])
	by smtp02.lnh.mail.rcn.net with ESMTP; 11 Apr 2012 08:12:09 -0400
Received: from smtp04.lnh.mail.rcn.net (smtp04.lnh.mail.rcn.net
	[207.172.157.104]) by mr16.lnh.mail.rcn.net (MOS 4.3.4-GA)
	with ESMTP id BRR75759; Wed, 11 Apr 2012 08:12:08 -0400
Received: from 209-6-86-84.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com (HELO
	jerusalem.litteratus.org.litteratus.org) ([209.6.86.84])
	by smtp04.lnh.mail.rcn.net with ESMTP; 11 Apr 2012 08:12:08 -0400
From: Robert Huff <roberthuff@rcn.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20357.29976.294862.301653@jerusalem.litteratus.org>
Date: Wed, 11 Apr 2012 08:12:08 -0400
To: KES <kes-kes@yandex.ua>
In-Reply-To: <434851334138446@web55.yandex.ru>
References: <434851334138446@web55.yandex.ru>
X-Mailer: VM 7.17 under 21.5  (beta28) "fuki" XEmacs Lucid
X-Junkmail-Whitelist: YES (by domain whitelist at mr16.lnh.mail.rcn.net)
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: ipfw FreeBSD 10 
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 12:12:10 -0000


KES writes:

>  building kernel with this options:
>  options         IPFIREWALL              #enable ipfw
>  options         IPFIREWALL_VERBOSE      #enable log
>  options         IPFIREWALL_FORWARD      #enable fwd
>  options         IPDIVERT
>  options         LIBALIAS
>  options         IPFIREWALL_NAT          #enable nat
>  
>  do not enable IPFW
>  
>  When doing 
>  ipfw show
>  it shows
>  0000000  93874234  23402394820384 any to any
>  and stops

	I have IPFW working, eith:

options  IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options  IPFIREWALL_FORWARD
options  IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity

	in the kernel config file, and :

ipfw_load="YES"
ipfw_nat_load="YES"	# in-kernel ipfw nat
libalias_load="YES"	# for in-kernel ipfw nat

	in /boot/loader.conf.
	(Note: the available documentation for basic IPFW is good.
However, if you want to do NAT, the information - in the IPFW man
page and the Handbook - extremely confusing.  It took me a week
and some expert help to get this working.)

	Respectfully,


			Robert Huff