Kernel Config for NAT
Robert Huff
roberthuff at rcn.com
Thu Apr 8 16:35:37 UTC 2010
I am planning to a) update a -CURRENT system to recent code,
and b) install ipfw+NAT.
The documentation in the Handbook is confusing and/or
incomplete. So far I have:
1) in /boot/loader.conf:
ipfw_load="YES"
ipdivert_load="YES"
2) in the kernel config:
#options IPFIREWALL #firewall
#options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
#options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
#options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
#options IPDIVERT
#options IPFIREWALL_NAT #ipfw kernel nat support
options LIBALIAS # required for NAT
3) in /etc/sysctl.conf:
net.inet.ip.fw.default_to_accept="1"
net.inet.ip.fw.verbose="1"
net.inet.ip.fw.verbose_limit="100"
Is there anything else I need? (Assume I have a working set of
firewall rules.)
Is there anything I need to take out?
Respectfully,
Robert Huff