NAT/DIVERT Issues in 5.2.1 Release

JJB Barbish3 at adelphia.net
Sat Sep 11 03:59:15 PDT 2004


Your question is way too vague. You have to post your ipfw rules file
and the contents of rc.conf for people to review before anybody can
help you. First piece of advice is to not use the default firewall
rules, as it's way outdated and does more to confuse a person than
really work as a firewall rule set. Second, you should read the
complete rewrite of the handbook firewall section at
www.a1poweruser.com/FBSD_firewall/ for details on configuring ipfw.

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Denis Lemire
Sent: Friday, September 10, 2004 10:58 PM
To: freebsd-questions at freebsd.org
Subject: NAT/DIVERT Issues in 5.2.1 Release


I've just completed a frustrating day of attempting to get nat working
on 5.2.1 RELEASE. I'm very familiar with using FreeBSD as a nat
enabled Internet gateway, I have set this up on many machines with
prior versions.

I've compiled my kernel with the ip divert and firewall options
needed. I have enabled the firewall and natd in my rc.conf, and have
(for now) set firewall type to open and gateway_enable="yes".

The setup simply won't work, the appropriate rules are in the
firewall, and the natd daemon is running. The main thing I find that
doesn't make sense is running "ipfw -a l" lists the divert rule but
its values are zeroed out such that it has been used.

Is there an issue with nat on 5.2.1-RELEASE? I've even tried compiling
a kernel from cvsup (5.2.1-RELEASE-p9 I believe).

Any suggestions on where I might have messed this up would be
excellent.