Off-list, someone pointed out to me that ipnat is *much* easier to deal with than IPFIREWALL and all its baggage. No kernel rebuilding, no juggling with the firewall. Nice. For those of you in the same situation as me, definitely look into ipnat.

My system gets its external address from my ISP's DHCP server on interface em0. The machines in my house are connected to a switch that is attached to itnerface rl0.

Relevant stuff in /etc/rc.conf:

ifconfig_rl0="inet netmask"

Contents of /etc/ipnat.conf:

map em0 -> 0/32

Two notes not covered in the ipnat man pages:

- The man page doesn't say which interface name you use in the map statement; it's the external interface.

- If you get your external IP address from DHCP, you can use "0/32" as the target. This is very handy.

--Paul Hoffman
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to