Kernel Config for NAT
n j
nino80 at gmail.com
Fri Apr 9 07:57:26 UTC 2010
> That's actually a good question considering the lack of documentation. If
> that works then great, but one wonders what the ipfw_nat module is for?
> Looks like it's tied into libalias, apparently a replacement for natd.
Here's my kernel configuration:
[--snip--]
options IPFIREWALL # enable ipfw firewall
options IPDIVERT # for divert functionality - not really required
options IPFIREWALL_FORWARD # for ipfw forward functionality
options IPFIREWALL_NAT # for in-kernel nat
options LIBALIAS # req'd by ipfirewall_nat
[--snip--]
If I'm to trust the comment I wrote quite a while ago, IPDIVERT is not
necessary. Also, IPFIREWALL_FORWARD is not really needed for NAT, this
is specific to my setup. So, basically that leaves IPFIREWALL,
IPFIREWALL_NAT and LIBALIAS as the necessary tweaks in kernel conf for
NAT to work.
Note, this configuration enables the in-kernel NAT which is a
(relatively) recent addition to FreeBSD. You turn it on like this:
ipfw nat 123 config ip 192.168.0.123 log
ipfw add nat 123 all from any to any
In my experience, it works pretty well and I consider it a big
improvement over running natd and diverting packets to it.
Regards,
--
Nino
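
Added example, not part of the original message: a POSIX sh check that a kernel configuration file enables the three options the post names as necessary for in-kernel NAT (IPFIREWALL, IPFIREWALL_NAT, LIBALIAS). The function names and the sample config are constructed for illustration; the check only looks at `options` lines in the file it is given.

```sh
#!/bin/sh
# Options the post lists as necessary for in-kernel NAT.
REQUIRED_NAT_OPTIONS="IPFIREWALL IPFIREWALL_NAT LIBALIAS"

# missing_nat_options FILE
# Prints the required options FILE does not enable (space separated).
# Returns 0 when nothing is missing, 1 otherwise.
missing_nat_options() {
    conf=$1
    missing=""
    for opt in $REQUIRED_NAT_OPTIONS; do
        # Drop '#' comments, then require an exact name match so that
        # IPFIREWALL_FORWARD is not counted as IPFIREWALL or IPFIREWALL_NAT.
        if ! sed 's/#.*//' "$conf" | awk -v want="$opt" '
                $1 == "options" { split($2, kv, "="); if (kv[1] == want) found = 1 }
                END { exit !found }'; then
            missing="$missing $opt"
        fi
    done
    missing=${missing# }
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample config: LIBALIAS is commented out and IPFIREWALL_NAT
# is absent, so both must be reported.
sample_conf() {
    cat <<'EOF'
options IPFIREWALL           # enable ipfw firewall
options IPFIREWALL_FORWARD   # for ipfw forward functionality
#options LIBALIAS            # req'd by ipfirewall_nat
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
echo "missing: $(missing_nat_options "$tmp")"
rm -f "$tmp"
```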