> That's actually a good question considering the lack of documentation. If > that works then great, but one wonders what the ipfw_nat modules is for? > looks like it's tied into libalias apparently a replacement for natd.
Here's my kernel configuration: [--snip--] options IPFIREWALL # enable ipfw firewall options IPDIVERT # for divert funcionality - not really required options IPFIREWALL_FORWARD # for ipfw forward functionality options IPFIREWALL_NAT # for in-kernel nat options LIBALIAS # req'd by ipfirewall_nat [--snip--] If I'm to trust the comment I wrote quite a while ago, IPDIVERT is not necessary. Also, IPFIREWALL_FORWARD is not really needed for NAT, this is specific to my setup. So, basically that leaves IPFIREWALL, IPFIREWALL_NAT and LIBALIAS as the necessary tweaks in kernel conf for NAT to work. Note, this configuration enables the in-kernel NAT which is (relatively) recent addition to FreeBSD. You turn it on like this: ipfw nat 123 config ip 192.168.0.123 log ipfw add nat 123 all from any to any In my experience, it works pretty well and I consider it a big improvement over running natd and diverting packets to it. Regards, -- Nino _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[email protected]"
