Kernel Config for NAT
Adam Vande More
amvandemore at gmail.com
Thu Apr 8 15:57:06 UTC 2010
On Thu, Apr 8, 2010 at 7:10 AM, Robert Huff <roberthuff at rcn.com> wrote:
>
> 1) in /boot/loader.conf:
>
> ipfw_load="YES"
> ipdivert_load="YES"
>
> 2) in the kernel config:
>
> #options IPFIREWALL #firewall
> #options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
> #options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
> #options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
> #options IPDIVERT
> #options IPFIREWALL_NAT #ipfw kernel nat support
> options LIBALIAS # required for NAT
>
> 3) in /etc/sysctl.conf:
>
> net.inet.ip.fw.default_to_accept="1"
> net.inet.ip.fw.verbose="1"
> net.inet.ip.fw.verbose_limit="100
>
That's actually a good question considering the lack of documentation. If
that works then great, but one wonders what the ipfw_nat modules is for?
...
looks like it's tied into libalias apparently a replacement for natd.
http://wiki.freebsd.org/Libalias
That seems to be a major problem with those GsoC projects, even if they get
something good working there is frequently no documentation with it. Then
it sits there mostly unused waiting for bitrot to set in. I don't know the
structure of GsoC, but if it's possible for the mentor to *strongly*
encourage documentation checkpoints(manpages, not wiki) I think these
projects would be better utilized.
--
Adam Vande More
More information about the freebsd-questions
mailing list