Subject: Re: Setting up NAT and then a firewall...
To: Sam Carleton <>
From: Manuel Bouyer <>
List: tech-security
Date: 07/23/2001 21:59:28
On Sun, Jul 22, 2001 at 02:31:36PM -0400, Sam Carleton wrote:
> Manuel Bouyer wrote:
> > Ha, NO ipfilter rules. ipfilter needs to be enabled for NAT to work.
> > Try 'ipf -E' to test. You may want to create a dummy /etc/ipf.conf with just
> >
> > pass in from any to any and enable ipf in /etc/rc.conf, so that ipf -E will
> > be run at boot.
> Manuel,
> This is very interesting.  You say that ipfilter needs to be enabled for NAT
> to work.  The rest of my ipnat.conf file is working just fine.  I have a
> number of computers behind the NetBSD machine and they CALL are able to access
> the Internet thanks to the first three lines of the ipnat.conf file.  But all
> the same I took your word for it and created a basic ipf.conf that simply has:
> pass in from any to any
> I set ipfilter=Yes in the /etc/rc.conf and rebooted.  When I ssh from the


Does the kernel print some message at boot time, like "IP filter enabled;
default=pass all" ?

Manuel Bouyer <>