Kernel Config for NAT
Robert Huff
roberthuff at rcn.com
Thu Apr 8 12:10:35 UTC 2010
Adam Vande More writes:
> > If compiled into the kernel, there's a set of optional settings
> > (VERBOSE, LOG_LINIT, DEFAULT_TO_ACCEPT, etc) that can be set there.
> > If using the module, how does one set these?
> >
> Logging is compiled into the modules and there are a few sysctl's. AFAIK,
> everything else is the same.
>
> http://www.freebsd.org/doc/handbook/firewalls-ipfw.html

So ... double-checking I'm doing this right:

1) in /boot/loader.conf:

    ipfw_load="YES"
    ipdivert_load="YES"

2) in the kernel config:

    #options    IPFIREWALL                      #firewall
    #options    IPFIREWALL_VERBOSE              #enable logging to syslogd(8)
    #options    IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
    #options    IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
    #options    IPDIVERT
    #options    IPFIREWALL_NAT                  #ipfw kernel nat support
    options     LIBALIAS                        # required for NAT

3) in /etc/sysctl.conf:

    net.inet.ip.fw.default_to_accept="1"
    net.inet.ip.fw.verbose="1"
    net.inet.ip.fw.verbose_limit="100"

That cover it?

Robert Huff