enabling NAT under -CURRENT
Robert Huff
roberthuff at rcn.com
Tue Feb 9 18:05:29 UTC 2010
(Please CC: me, as I am not subscribed.)
Hello:
I'm rebuilding a machine with today's source, and have run into
a confusion.
Section 30.6.1 of the Handbook says:
    IPFW is included in the basic FreeBSD install as a
    separate run time loadable module. The system will
    dynamically load the kernel module when the rc.conf
    statement firewall_enable="YES" is used. There is no need
    to compile IPFW into the FreeBSD kernel unless NAT
    functionality is desired.
Section 30.6.2 of the Handbook says:
    options IPDIVERT
    This enables the use of NAT functionality.
However, section 31.9.3 says:
    The kernel features for network address translation with
    natd(8) are not enabled in the GENERIC kernel, but they can be
    preloaded at boot time, by adding a couple of options to
    /boot/loader.conf:
        ipfw_load="YES"
        ipdivert_load="YES"
Also:
    huff@> find /boot/kernel -name "ipf*.ko"
    /boot/kernel/ipfw.ko
    /boot/kernel/ipfw_nat.ko
?????
What is the current working and preferred way to get ipfw+NAT
working?
Respectfully,
Robert Huff