Natd/Gateway=yes vs 5.3

John Murphy sub01 at freeode.co.uk
Sun Nov 14 13:42:22 GMT 2004


Francisco Reyes wrote:

>Migrating a 4.10 box.
>Copied data to a second drive.
>Installed 5.3
>Changed kernel to add
>
>options         IPFIREWALL
>options         IPFIREWALL_VERBOSE
>options         "IPFIREWALL_VERBOSE_LIMIT"=50
>options         IPDIVERT
>
>In /etc/rc.conf have
>firewall_enable="YES"
>firewall_logging="YES"           # Set to YES to enable events logging
>firewall_quiet="NO"
>firewall_type="open"
>gateway_enable="YES"
>natd_enable="YES"               # Enable natd (if firewall_enable == YES).
>natd_flags="-f /etc/natd.conf"  # Set rules file for the NAT daemon
>natd_interface="ed0"

I've been reading the (excellent) firewall section of the handbook at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

Section 14.9.6.3 /etc/rc.conf Options says:
If you don't have IPFW compiled into your kernel you will need to
load it with the following statement in your /etc/rc.conf:

firewall_enable="YES"

Perhaps you have two ipfws, the kld and the one in the kernel.

Section 14.9.6.5.7 An Example NAT and Stateful Ruleset says:
The kernel source needs 'option divert' statement added to the other
IPFIREWALL statements compiled into a custom kernel.

So I guess that supersedes your "options IPDIVERT" entry.

-- 
HTH, John.
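The "two ipfws" question raised above (IPFIREWALL compiled into the kernel and ipfw.ko also loaded) and the need for IPDIVERT before natd can open its divert socket can both be checked from a kernel config file and `kldstat` output. The following POSIX sh script is an added example, not part of the original thread or of FreeBSD; the kernel config fragment and the `kldstat` listing it inspects are constructed samples embedded inline, and the function names (`ipfw_source`, `divert_available`, `audit`) are hypothetical. On a real box you would feed it `/usr/src/sys/i386/conf/GATEWAY` (or whatever your custom config is called) and the output of `kldstat`.

```sh
#!/bin/sh
# Added example (not from the original thread): audit where ipfw comes from.
# Given the text of a kernel config and the output of `kldstat`, report whether
# IPFIREWALL/IPDIVERT are compiled in, whether ipfw.ko is loaded, and flag the
# "two ipfws" situation. All inputs below are constructed samples.

# Constructed sample: a custom kernel config fragment (hypothetical file).
KERNCONF_SAMPLE='ident           GATEWAY
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=50
options         IPDIVERT'

# Constructed sample: kldstat output on a box that also loaded ipfw.ko.
KLDSTAT_SAMPLE='Id Refs Address    Size     Name
 1    4 0xc0400000 63070c   kernel
 2    1 0xc0a31000 5d78     ipfw.ko
 3    1 0xc0a37000 2ca8     snd_ich.ko'

# has_kernel_option CONFIG OPTION -> status 0 if "options OPTION" is present
# (tolerates the old quoted form, e.g. options "IPFIREWALL_VERBOSE_LIMIT"=50).
has_kernel_option() {
    printf '%s\n' "$1" | grep -Eq "^options[[:space:]]+\"?$2\"?([[:space:]]|=|$)"
}

# module_loaded KLDSTAT NAME -> status 0 if NAME.ko appears in the listing
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$2.ko" '$NF == m { found = 1 } END { exit !found }'
}

# ipfw_source CONFIG KLDSTAT -> prints one of: kernel, module, both, none
ipfw_source() {
    in_kernel=1; as_module=1
    has_kernel_option "$1" IPFIREWALL && in_kernel=0
    module_loaded "$2" ipfw && as_module=0
    if [ $in_kernel -eq 0 ] && [ $as_module -eq 0 ]; then echo both
    elif [ $in_kernel -eq 0 ]; then echo kernel
    elif [ $as_module -eq 0 ]; then echo module
    else echo none
    fi
}

# divert_available CONFIG -> status 0 if IPDIVERT is compiled in (natd needs it)
divert_available() {
    has_kernel_option "$1" IPDIVERT
}

# audit CONFIG KLDSTAT: print a summary; status 0 only if exactly one ipfw is present
audit() {
    src=$(ipfw_source "$1" "$2")
    echo "ipfw provided by: $src"
    case $src in
        both) echo "WARNING: IPFIREWALL is compiled in AND ipfw.ko is loaded; drop one of them" ;;
        none) echo "WARNING: no ipfw in the kernel or as a module; firewall_enable=YES will do nothing" ;;
    esac
    if divert_available "$1"; then
        echo "IPDIVERT present: natd can open its divert socket"
    else
        echo "WARNING: IPDIVERT missing; natd cannot open a divert socket"
    fi
    [ "$src" = kernel ] || [ "$src" = module ]
}

# Run the audit on the constructed samples (the sample deliberately shows the
# "both" case, so audit reports a problem here).
audit "$KERNCONF_SAMPLE" "$KLDSTAT_SAMPLE" || echo "audit found problems (exit $?)"
```

The sample is built to reproduce the duplicated-ipfw case, so the summary ends with a warning; run against a config that lacks IPFIREWALL and a `kldstat` listing that shows ipfw.ko, it reports `module` and exits cleanly.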


More information about the freebsd-questions mailing list