Re: FreeBSD firewall, nat, kernel

2006-06-13 Thread David Stanford

On 6/14/06, Dennis Olvany <[EMAIL PROTECTED]> wrote:


From a fresh install, a working nat should only require a few commands.
Kernel compilation is not necessary.



I personally don't use the NAT function in my IPFW config, and thus just
reverted to the handbook... *cough*, excuse me... bible for the information.
Though, if this is the case you should probably submit a PR to the docs team
to avoid future confusion. :)

kldload ipfw
kldload ipdivert
sysctl net.inet.ip.forwarding=1
dhclient xl0
natd -dynamic -n xl0
ipfw add divert natd ip from any to any via xl0
ipfw add allow ip from any to any
ifconfig rl0 192.168.100.253/24

To make the config permanent, you just need to use the rc equivalents of
those commands.

/etc/rc.conf

firewall_enable="yes"
firewall_type="/etc/ipfw.rules"
gateway_enable="yes"
ifconfig_xl0="dhcp"
ifconfig_rl0="192.168.100.253/24"
natd_enable="yes"
natd_interface="xl0"

/etc/ipfw.rules

add divert natd ip from any to any via xl0
add allow ip from any to any
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



-David

--
[EMAIL PROTECTED] ~]# fortune
Happiness is just an illusion, filled with sadness and confusion.


Re: FreeBSD firewall, nat, kernel

2006-06-13 Thread Dennis Olvany
From a fresh install, a working nat should only require a few commands. 
Kernel compilation is not necessary.


kldload ipfw
kldload ipdivert
sysctl net.inet.ip.forwarding=1
dhclient xl0
natd -dynamic -n xl0
ipfw add divert natd ip from any to any via xl0
ipfw add allow ip from any to any
ifconfig rl0 192.168.100.253/24

To make the config permanent, you just need to use the rc equivalents of 
those commands.


/etc/rc.conf

firewall_enable="yes"
firewall_type="/etc/ipfw.rules"
gateway_enable="yes"
ifconfig_xl0="dhcp"
ifconfig_rl0="192.168.100.253/24"
natd_enable="yes"
natd_interface="xl0"

/etc/ipfw.rules

add divert natd ip from any to any via xl0
add allow ip from any to any
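
Added example (not part of the original thread or of FreeBSD): a small sh check of the rc.conf and ipfw.rules pair posted above. It verifies the rc.conf settings the message relies on, that the divert rule's interface matches natd_interface, and that the divert rule comes before the allow rule, since ipfw acts on the first matching rule. The function names and the sample files are constructed for illustration.

```sh
# Added example: sanity-check the rc.conf / ipfw.rules pair from this thread.
# Function names and sample file contents are constructed, not FreeBSD's own.

# Print the value of KEY from an rc.conf-style file (last assignment wins).
rc_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; no FAIL lines means the pair is consistent.
check_natd_gateway() {
    rc=$1; rules=$2
    for key in firewall_enable gateway_enable natd_enable; do
        case "$(rc_get "$rc" "$key")" in
            [Yy][Ee][Ss]) ;;
            *) echo "FAIL: $key is not enabled in rc.conf" ;;
        esac
    done
    nat_if=$(rc_get "$rc" natd_interface)
    # Line numbers of the first divert rule and the first allow-all rule.
    divert_ln=$(awk '/divert natd/ {print NR; exit}' "$rules")
    allow_ln=$(awk '/allow ip from any to any/ {print NR; exit}' "$rules")
    divert_if=$(sed -n 's/.*divert natd.* via \([a-z0-9]*\).*/\1/p' "$rules" | head -n 1)
    if [ -z "$divert_ln" ]; then
        echo "FAIL: no divert rule, so nothing is handed to natd"
    elif [ "$divert_if" != "$nat_if" ]; then
        echo "FAIL: divert rule uses '$divert_if' but natd_interface is '$nat_if'"
    fi
    if [ -n "$allow_ln" ]; then
        if [ -n "$divert_ln" ] && [ "$allow_ln" -lt "$divert_ln" ]; then
            echo "FAIL: allow-all rule precedes divert; packets never reach natd"
        fi
        echo "WARN: 'allow ip from any to any' accepts every packet (NAT only, no filtering)"
    fi
}

# Constructed sample files mirroring a subset of the configuration in the thread.
demo=$(mktemp -d /tmp/natcheck.XXXXXX)
cat > "$demo/rc.conf" <<'EOF'
firewall_enable="yes"
firewall_type="/etc/ipfw.rules"
gateway_enable="yes"
natd_enable="yes"
natd_interface="xl0"
EOF
printf '%s\n' 'add divert natd ip from any to any via xl0' \
    'add allow ip from any to any' > "$demo/ipfw.rules"
check_natd_gateway "$demo/rc.conf" "$demo/ipfw.rules"
```

On the configuration as posted, the check reports no FAIL lines and one WARN: the ruleset performs NAT but filters nothing.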


Re: FreeBSD firewall, nat, kernel

2006-06-13 Thread David Stanford

On 6/13/06, fbsd <[EMAIL PROTECTED]> wrote:


All 3 FreeBSD 6.1 firewall software products IPF, IPFW, PF and their
NAT components all work without having to be compiled into the
kernel.



To get NAT functionality from IPFW you need to add 'option divert' to your
kernel configuration file and recompile. fbsd was half right, it's all in
the handbook ;)...

"There are some additional configuration statements that need to be enabled
to activate the NAT function of IPFW. The kernel source needs 'option
divert' statement added to the other IPFIREWALL statements compiled into a
custom kernel."

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html

Read the handbook closer for details on how to activate whichever
one you want to use.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, June 13, 2006 9:35 AM
To: [EMAIL PROTECTED]
Subject: FreeBSD firewall, nat, kernel


Hi,

I've just installed a FBSD 6.1 box and I want to install Firewall
and NAT services.
The handbook Firewall chapter indicates to compile Firewall if you
want NAT.
But, I could not find in the GENERIC file the IPFIREWALL options.

Do you have an idea?

Thanks,
Regi




-David

--
[EMAIL PROTECTED] ~]# fortune
Happiness is just an illusion, filled with sadness and confusion.


RE: FreeBSD firewall, nat, kernel

2006-06-13 Thread fbsd
All 3 FreeBSD 6.1 firewall software products IPF, IPFW, PF and their
NAT components all work without having to be compiled into the
kernel.

Read the handbook closer for details on how to activate whichever
one you want to use.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, June 13, 2006 9:35 AM
To: [EMAIL PROTECTED]
Subject: FreeBSD firewall, nat, kernel


Hi,

I've just installed a FBSD 6.1 box and I want to install Firewall
and NAT services.
The handbook Firewall chapter indicates to compile Firewall if you
want NAT.
But, I could not find in the GENERIC file the IPFIREWALL options.

Do you have an idea?

Thanks,
Regi


Re: FreeBSD firewall, nat, kernel

2006-06-13 Thread Erik Norgaard

[EMAIL PROTECTED] wrote:

Hi,

I've just installed a FBSD 6.1 box and I want to install Firewall and NAT 
services.
The handbook Firewall chapter indicates to compile Firewall if you want NAT.
But, I could not find in the GENERIC file the IPFIREWALL options.

Do you have an idea?


See the NOTES file for extra kernel options, /usr/src/sys/conf/NOTES

You can choose to compile ipfirewall, ipfilter or packet-filter. At 
least pf can also be loaded as kernel module so you don't need to recompile.


Cheers, Erik


FreeBSD firewall, nat, kernel

2006-06-13 Thread regi
Hi,

I've just installed a FBSD 6.1 box and I want to install Firewall and NAT 
services.
The handbook Firewall chapter indicates to compile Firewall if you want NAT.
But, I could not find in the GENERIC file the IPFIREWALL options.

Do you have an idea?

Thanks,
Regi 