FreeBSD firewall, nat, kernel

David Stanford dthomas53 at
Wed Jun 14 04:29:16 UTC 2006

On 6/14/06, Dennis Olvany <dennisolvany at> wrote:
> From a fresh install, a working nat should only require a few commands.
> Kernel compilation is not necessary.

I personally don't use the NAT function in my IPFW config, and thus just
reverted to the handbook... *cough*, excuse for the information.
Though, if this is the case you should probably submit a PR to the docs team
to avoid future confusion. :)

> kldload ipfw
> kldload ipdivert
> sysctl net.inet.ip.forwarding=1
> dhclient xl0
> natd -dynamic -n xl0
> ipfw add divert natd ip from any to any via xl0
> ipfw add allow ip from any to any
> ifconfig rl0
> To make the config permanent, you just need to use the rc equivalents of
> those commands.
> /etc/rc.conf
> firewall_enable="yes"
> firewall_type="/etc/ipfw.rules"
> gateway_enable="yes"
> ifconfig_xl0="dhcp"
> ifconfig_rl0=""
> natd_enable="yes"
> natd_interface="xl0"
> /etc/ipfw.rules
> add divert natd ip from any to any via xl0
> add allow ip from any to any


[root at fbsd ~]# fortune
Happiness is just an illusion, filled with sadness and confusion.
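
Added example, not part of the original post or thread: a small sh check for the two files named in the quoted message. It confirms the rc.conf settings listed there are enabled and that the divert rule is evaluated before any allow-all rule, since ipfw stops at the first matching allow. The function names are hypothetical and the files to check are passed as arguments.

```sh
#!/bin/sh
# Added example (not from the thread). Checks the two files named in the
# quoted message; file paths are supplied by the caller.

# rc_value FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# check_nat_rc FILE: report rc.conf knobs from the message that are not enabled.
# Returns the number of problems found.
check_nat_rc() {
    problems=0
    for key in firewall_enable gateway_enable natd_enable; do
        # rc.subr's checkyesno accepts yes/true/on/1, case-insensitively.
        case "$(rc_value "$1" "$key" | tr '[:upper:]' '[:lower:]')" in
            yes|true|on|1) ;;
            *) echo "rc.conf: $key is not enabled"; problems=$((problems + 1)) ;;
        esac
    done
    if [ -z "$(rc_value "$1" natd_interface)" ]; then
        echo "rc.conf: natd_interface is not set"; problems=$((problems + 1))
    fi
    return "$problems"
}

# check_rule_order FILE: ipfw stops at the first matching allow, so a
# divert rule only works if it is evaluated before any allow-all rule.
check_rule_order() {
    awk '
    { sub(/#.*/, ""); if ($1 != "add") next
      i = 2
      # Explicit rule number, else ipfw auto-numbers: highest so far + 100.
      if ($i ~ /^[0-9]+$/) { n = $i + 0; i++ } else n = max + 100
      if (n > max) max = n
      key = n * 100000 + (++seq)      # rule number first, then file order
      rest = ""; for (j = i + 1; j <= NF; j++) rest = rest " " $j
      if ($i == "divert" && (!d || key < d)) d = key
      if ($i ~ /^(allow|accept|pass|permit)$/ &&
          rest ~ /^ (ip|all) from any to any$/ && (!a || key < a)) a = key
    }
    END {
      if (!d) { print "rules: no divert rule found"; exit 1 }
      if (a && a < d) { print "rules: allow-all is evaluated before divert"; exit 1 }
    }' "$1"
}
```

To use it, source the file and run `check_nat_rc /etc/rc.conf` and `check_rule_order /etc/ipfw.rules`; each prints its findings and returns non-zero when something is off.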
