NAT/DIVERT Issues in 5.2.1 Release

JJB Barbish3 at
Sat Sep 11 03:59:15 PDT 2004

Your question is way too vague. You have to post your ipfw rules file
and the contents of rc.conf for people to review before anybody can
help you. First piece of advice is to not use the default firewall
rules, as it's way outdated and does more to confuse a person than
really work as a firewall rule set. Second, you should read the
complete rewrite of the handbook firewall section at  for details on configuring ipfw.

-----Original Message-----
From: owner-freebsd-questions at
[mailto:owner-freebsd-questions at]On Behalf Of Denis
Sent: Friday, September 10, 2004 10:58 PM
To: freebsd-questions at
Subject: NAT/DIVERT Issues in 5.2.1 Release

I've just completed a frustrating day of attempting to get nat
on 5.2.1 RELEASE. I'm very familiar with using FreeBSD as a nat
enabled Internet gateway, I have set this up on many machines with
prior versions.

I've compiled my kernel with the ip divert and firewall options
needed. I have enabled the firewall and natd in my rc.conf, and have
(for now) set firewall type to open and gateway_enable="yes".

The setup simply won't work, the appropriate rules are in the
firewall, and the natd daemon is running. The main thing I find that
doesn't make sense is running "ipfw -a l" lists the divert rule but
its values are zeroed out such that it has been used.

Is there an issue with nat on 5.2.1-RELEASE? I've even tried
a kernel from cvsup (5.2.1-RELEASE-p9 I believe).

Any suggestions on where I might have messed this up would be