Setting up a NAT without a firewall

Paul Hoffman phoffman at
Tue May 4 09:50:10 PDT 2004

Off-list, someone pointed out to me that ipnat is *much* easier to 
deal with than IPFIREWALL and all its baggage. No kernel rebuilding, 
no juggling with the firewall. Nice. For those of you in the same 
situation as me, definitely look into ipnat.

My system gets its external address from my ISP's DHCP server on 
interface em0. The machines in my house are connected to a switch 
that is attached to interface rl0.

Relevant stuff in /etc/rc.conf:

ifconfig_rl0="inet netmask"

Contents of /etc/ipnat.conf:

map em0 -> 0/32

Two notes not covered in the ipnat man pages:

- The man page doesn't say which interface name you use in the map 
statement; it's the external interface.

- If you get your external IP address from DHCP, you can use "0/32" 
as the target. This is very handy.

--Paul Hoffman
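
An added example, not part of the original post: a small sh helper that renders the ipnat.conf map rules for an external interface and a LAN source range, both of which it validates first. The interface name em0 and the "0/32" target come from the post; the LAN range 192.168.1.0/24, the portmap range 10000:40000 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. em0 and the 0/32 target are from the post; the LAN range
# and portmap range used below are assumed values, not the poster's.

# valid_cidr ADDR/BITS: succeed only for a dotted quad with octets 0-255
# and a prefix length of 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# render_ipnat_rules EXT_IF LAN_CIDR: print map rules for ipnat.conf.
# EXT_IF is the external interface, as the post notes.
render_ipnat_rules() {
    ext_if=$1; lan=$2
    case "$ext_if" in
        ''|*[!a-z0-9]*) echo "bad interface name: $ext_if" >&2; return 1 ;;
    esac
    valid_cidr "$lan" || { echo "bad LAN range: $lan" >&2; return 1; }
    # ipnat applies the first rule that matches, so the portmap rule for
    # TCP/UDP goes ahead of the plain rule that catches everything else.
    # 0/32 makes ipnat use whatever address the interface currently holds.
    printf 'map %s %s -> 0/32 portmap tcp/udp 10000:40000\n' "$ext_if" "$lan"
    printf 'map %s %s -> 0/32\n' "$ext_if" "$lan"
}

# Print the rules for the post's external interface and the assumed LAN.
render_ipnat_rules em0 192.168.1.0/24
```

Review the printed rules before copying them into /etc/ipnat.conf.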

More information about the freebsd-questions mailing list