NATD Firewall Rules Setup

Micheal Patterson micheal at
Sat Aug 23 22:51:00 PDT 2003

----- Original Message ----- 
From: "Thomas Smith" <tom at>
To: <freebsd-questions at>
Sent: Friday, August 22, 2003 1:40 PM
Subject: NATD Firewall Rules Setup

> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
> locked down as I need it to be but am having issues getting NAT working.
> The firewall config file is included below.
> Note that if I add the "allow all" rule to the end of the file NAT works
> fine. I'm certain its an IPFW issue but haven't been able to figure it
> out--as I'm a bit new to IPFW and FreeBSD, pointers to documentation
> (preferably with examples of usage) would be very helpful. I haven't
> been able to find a lot of info outside of the Handbook and what I do
> find regarding NAT includes three rules: 1) flush, 2) divert, 3) allow
> all traffic.


> # Allow NAT traffic out.
> /sbin/ipfw add divert natd all from any to any via ${oif}

Unless things have changed since I started using NAT years ago with 2.7,
your rule to divert to NAT needs to be the very first rule of your firewall.
Any rules after will still be processed as normal since NAT reinjects the
packet back into the firewall at the next rule number for any additional


Micheal Patterson
Network Administration
Cancer Care Network

More information about the freebsd-questions mailing list