(more) confusion configuring NAT

Christopher Cowart ccowart at rescomp.berkeley.edu
Wed Mar 19 14:15:24 PDT 2008


Robert Huff wrote:
> 
> 	1) when I add the nat instance, it assigns it rule # 65100.  Is
> this a problem?  Is there a way to assign my own rule #?  (ipfw
> seems not to like two "add"s in the same line.)
> 
> 	2) NAT still doesn't work.  Still connected, but can't surf to
> www.google.com using Firefox.

My kernel conf:
| options IPFIREWALL
| options IPFIREWALL_VERBOSE
| options IPFIREWALL_VERBOSE_LIMIT=100
| options IPFIREWALL_FORWARD
| options IPFIREWALL_NAT
| options LIBALIAS

My (abbreviated) ipfw.rules script:
| /sbin/ipfw -q nat 1 config if vlan98 log reset unreg_only same_ports
| $CMD allow all from any to any via lo0
| $CMD nat 1 ip4 from any to any
| $CMD allow icmp from any to any
| $CMD deny log ip from any to me
| $CMD allow ip4 from any to any

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley