Thomas T. Veldhouse veldy at veldy.net
Wed Jan 7 05:41:56 PST 2004

C. Kukulies wrote:
> Just a question: Are IPDIVERT and IPFIREWALL still valid options to enable
> NAT and firewall in the kernel or have they been deprecated?
> Just built a kernel with these options and it always gives
> permission denied when I want to ping to some address.
> Could someone give me a short advice which way to go with the
> following configuration:
> Internet--------DSL--------FreeBSD gateway------Wlan (((((((((
>                            192.168.254.x pppoe with -nat option
>                                 |
>                                 |
>                              LAN 192.168.0.x
>                                 |
>                                 |
>                          other machines that want to
>                          use e.g. port 16967-16969 (squidcam)
> I have no firewall active at present. NAT to the WLAN works fine.
> But when I want to do also NAT to the LAN, I wonder what the way to
> go would be best?
> Run natd? Do it just by rc.firewall?

The default for firewall rules is to deny all traffic.  There are two ways
around this.  You can enable the firewall or you can default the rules to
accept by building the option "options IPFIREWALL_DEFAULT_TO_ACCEPT" into
your kernel (not recommended).

Take a look at /etc/rc.firewall for more information .....  RTM

Tom Veldhouse
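
The situation described in this thread, as an added example that is not part of the original messages: a shell function that reads a kernel configuration file and an rc.conf and reports whether ipfw is compiled in with its default deny and no ruleset enabled, the state in which ping returns "permission denied". The function names, result labels and sample files are constructed for illustration, and only the compiled-in case (not a loaded module) is assumed.

```shell
#!/bin/sh
# Added example: classify an ipfw setup from a kernel config and an rc.conf.
# Usage: ipfw_posture KERNCONF RCCONF   (prints one label)

# has_option FILE NAME: true if an uncommented "options NAME" line exists.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# rc_yes FILE VAR: true if VAR is set to YES (any case, quotes optional).
rc_yes() {
    grep -Eiq "^[[:space:]]*$2=\"?yes\"?[[:space:]]*(#.*)?\$" "$1"
}

ipfw_posture() {
    if ! has_option "$1" IPFIREWALL; then
        echo no-ipfw                      # packet filter not compiled in
    elif has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo default-accept               # fails open if no rules load
    elif rc_yes "$2" firewall_enable; then
        echo default-deny-ruleset-enabled # rc.firewall runs at boot; what it
                                          # permits depends on the ruleset
    else
        echo default-deny-no-rules        # only the built-in deny rule exists:
                                          # ping fails with "permission denied"
    fi
}

# Constructed sample inputs mirroring the kernel described in the question.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'options\tIPFIREWALL\noptions\tIPDIVERT\n' > "$tmp/KERNEL"
printf 'gateway_enable="YES"\n' > "$tmp/rc.conf"
ipfw_posture "$tmp/KERNEL" "$tmp/rc.conf"
```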

