FreeBSD firewall, nat, kernel
Dennis Olvany
dennisolvany at gmail.com
Wed Jun 14 04:16:48 UTC 2006
From a fresh install, a working nat should only require a few commands.
Kernel compilation is not necessary.

    kldload ipfw
    kldload ipdivert
    sysctl net.inet.ip.forwarding=1
    dhclient xl0
    natd -dynamic -n xl0
    ipfw add divert natd ip from any to any via xl0
    ipfw add allow ip from any to any
    ifconfig rl0 192.168.100.253/24

To make the config permanent, you just need to use the rc equivalents of
those commands.

/etc/rc.conf

    firewall_enable="yes"
    firewall_type="/etc/ipfw.rules"
    gateway_enable="yes"
    ifconfig_xl0="dhcp"
    ifconfig_rl0="192.168.100.253/24"
    natd_enable="yes"
    natd_interface="xl0"

/etc/ipfw.rules

    add divert natd ip from any to any via xl0
    add allow ip from any to any
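
An added example, not part of the original post: a POSIX sh check that the rc.conf and ipfw.rules shown above agree with each other (firewall, forwarding and natd enabled, the divert rule on natd_interface, and divert ahead of the allow-all rule, since ipfw acts on the first matching rule). The helper names rc_get and check_nat and the temporary file paths are assumptions made for the example.

```shell
# Added example: consistency check for the rc.conf / ipfw.rules pair above.
# rc_get and check_nat are hypothetical helper names, not FreeBSD tools.

# Print the value of an rc.conf variable (last assignment wins, quotes stripped).
rc_get() {  # usage: rc_get FILE VAR
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one line per problem; return 0 only when no problem was found.
check_nat() {  # usage: check_nat RC_CONF IPFW_RULES
    rc=$1 rules=$2 bad=0
    for v in firewall_enable gateway_enable natd_enable; do
        case $(rc_get "$rc" "$v") in
            # the spellings rc.subr's checkyesno treats as "on"
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
            *) echo "$v is not enabled"; bad=1 ;;
        esac
    done
    nif=$(rc_get "$rc" natd_interface)
    [ -n "$nif" ] || { echo "natd_interface is not set"; bad=1; }
    # ipfw stops at the first matching rule, so divert must precede the allow.
    div=$(grep -n '^add divert natd ' "$rules" | head -n 1)
    alw=$(grep -n '^add allow ip from any to any$' "$rules" | head -n 1)
    if [ -z "$div" ]; then
        echo "no divert natd rule"; bad=1
    else
        [ "${div##* via }" = "$nif" ] ||
            { echo "divert rule is not on natd_interface ($nif)"; bad=1; }
        [ -z "$alw" ] || [ "${div%%:*}" -lt "${alw%%:*}" ] ||
            { echo "allow-all precedes divert; packets never reach natd"; bad=1; }
    fi
    return $bad
}

# Constructed sample: the two files from the post, written to a temp directory.
d=$(mktemp -d)
printf '%s\n' 'firewall_enable="yes"' 'firewall_type="/etc/ipfw.rules"' \
    'gateway_enable="yes"' 'ifconfig_xl0="dhcp"' \
    'ifconfig_rl0="192.168.100.253/24"' 'natd_enable="yes"' \
    'natd_interface="xl0"' > "$d/rc.conf"
printf '%s\n' 'add divert natd ip from any to any via xl0' \
    'add allow ip from any to any' > "$d/ipfw.rules"
check_nat "$d/rc.conf" "$d/ipfw.rules" && echo "NAT config is consistent"
```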