Francisco Reyes wrote:
>Migrating a 4.10 box.
>Copied data to a second drive.
>Installed 5.3
>Changed kernel to add
>
>options IPFIREWALL
>options IPFIREWALL_VERBOSE
>options "IPFIREWALL_VERBOSE_LIMIT"=50
>options IPDIVERT
>
>In /etc/rc.conf have
>firewall_enable="YES"
>firewall_logging="YES" # Set to YES to enable events logging
>firewall_quiet="NO"
>firewall_type="open"
>gateway_enable="YES"
>natd_enable="YES" # Enable natd (if firewall_enable == YES).
>natd_flags="-f /etc/natd.conf" # Set rules file for the NAT daemon
>natd_interface="ed0"

I've been reading the (excellent) firewall section of the handbook at:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

Section 14.9.6.3 /etc/rc.conf Options says:

    If you don't have IPFW compiled into your kernel you will need to
    load it with the following statement in your /etc/rc.conf:

    firewall_enable="YES"

Perhaps you have two ipfws, the kld and the one in the kernel.

Section 14.9.6.5.7 An Example NAT and Stateful Ruleset says:

    The kernel source needs 'option divert' statement added to the other
    IPFIREWALL statements compiled into a custom kernel.

So I guess that supersedes your "options IPDIVERT" entry.

--
HTH, John.