Date:      Sun, 01 Jul 2001 13:39:58 +0100
From:      John Murphy <jfm@blueyonder.co.uk>
To:        Isaac Mushinsky <imush@mail.ru>
Cc:        tspivey8@home.com, questions@FreeBSD.ORG
Subject:   Re: how to setup natd under ipf?
Message-ID:  <rg5ujt0p99a22gjuojo0r3qtnd27motkrn@4ax.com>
In-Reply-To: <01070100201800.73812@omsk.mushinsky.net>
References:  <200106302050.f5UKoRa00311@home.com> <01070100201800.73812@omsk.mushinsky.net>

Isaac Mushinsky <imush@mail.ru> wrote:

>On Saturday 30 June 2001 16:50, you wrote:
>> please cc me since i am not on this list.
>> how do i get nat on ipf?
>> it says unknown keyword map.
>> map rl0 10.0.0.0/24 -> 0/32
>> it worked under ipfw.
>> and i have natd_enable and all that in rc.conf.
>>
>In your kernel config file you should have
>options	        IPFIREWALL
<snip>

Ummm.  Great answer for how to use ipfirewall, however:

natd is only required for ipfw.  It's ipnat for ipfilter.

IPFilter needs a separate file /etc/ipnat.rules for map and rdr rules.

You just need these two lines in the kernel configuration file:
options         IPFILTER                # ipfilter support
options         IPFILTER_LOG            # ipfilter logging

and these in /etc/rc.conf:
ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf -Fa -f"
                                # program and how to specify the rules file,
                                # see /etc/rc.network (pass1) for details
ipfilter_rules="/etc/ipf.rules"
                                # rules definition file for ipfilter, see
                                # /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags=""               # should be *empty* when ipf is _not_ a module
                                # (i.e. compiled into the kernel) to
                                # avoid a warning about "already initialized"
ipnat_enable="YES"              # Set to YES for ipnat; needs ipfilter, too!
ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
ipnat_flags=""                  # additional flags for ipnat
ipmon_enable="YES"              # Set to YES for ipmon; needs ipfilter, too!
ipmon_program="/sbin/ipmon"     # where the ipfilter monitor program lives
ipmon_flags="-D /var/log/ipflog"  # typically "-Ds" or "-D /var/log/ipflog"

John.
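
The two mistakes discussed in this thread (natd left enabled on an ipfilter host, and map/rdr rules placed where ipf reads them) can be checked for mechanically. The script below is an added example, not part of the original message: the function names `rc_get`, `is_yes`, `check_ipf_rc` and `make_sample` are hypothetical, the sample files are constructed, and it assumes the host runs ipfilter only, not ipfw alongside it.

```shell
#!/bin/sh
# Added example, not from the original message. Sample files are constructed.

# rc_get FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes FILE VAR: succeed if VAR is set to YES in any letter case.
is_yes() {
    case "$(rc_get "$1" "$2")" in
        [Yy][Ee][Ss]*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ipf_rc RC_CONF [IPF_RULES]: print findings; exit status = their count.
check_ipf_rc() {
    conf=$1; ipf_rules=${2:-}; n=0
    if is_yes "$conf" ipfilter_enable; then
        if is_yes "$conf" natd_enable; then
            echo "natd_enable: natd is only for ipfw; ipfilter NAT is ipnat_enable"
            n=$((n + 1))
        fi
    else
        for dep in ipnat_enable ipmon_enable; do
            if is_yes "$conf" "$dep"; then
                echo "$dep: needs ipfilter_enable=\"YES\" as well"
                n=$((n + 1))
            fi
        done
    fi
    # map and rdr lines belong in the ipnat rules file, not the ipf one.
    if [ -r "$ipf_rules" ] && grep -qE '^[[:space:]]*(map|rdr)[[:space:]]' "$ipf_rules"; then
        echo "$ipf_rules: map/rdr rules found; move them to the ipnat rules file"
        n=$((n + 1))
    fi
    return "$n"
}

# make_sample DIR: write a constructed rc.conf and ipf.rules showing both mistakes.
make_sample() {
    printf '%s\n' 'ipfilter_enable="YES"' 'natd_enable="YES"  # left from ipfw' > "$1/rc.conf"
    printf '%s\n' 'pass in all' 'map rl0 10.0.0.0/24 -> 0/32' > "$1/ipf.rules"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_ipf_rc "$demo_dir/rc.conf" "$demo_dir/ipf.rules" || echo "findings: $?"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/rc.conf and the file named by ipfilter_rules.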
