Subject: Re: Setting up NAT and then a firewall...
To: Sam Carleton <scarleton@miltonstreet.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 07/23/2001 21:59:28
On Sun, Jul 22, 2001 at 02:31:36PM -0400, Sam Carleton wrote:
> Manuel Bouyer wrote:
> 
> > Ha, NO ipfilter rules. ipfilter needs to be enabled for NAT to work.
> > Try 'ipf -E' to test. You may want to create a dummy /etc/ipf.conf with just
> >
> > pass in from any to any
> >
> > and enable ipf in /etc/rc.conf, so that ipf -E will be run at boot.
> 
> Manuel,
> 
> This is very interesting.  You say that ipfilter needs to be enabled for NAT
> to work.  The rest of my ipnat.conf file is working just fine.  I have a
> number of computers behind the NetBSD machine and they ALL are able to access
> the Internet thanks to the first three lines of the ipnat.conf file.  But all
> the same I took your word for it and created a basic ipf.conf that simply has:
> 
> pass in from any to any
> 
> I set ipfilter=Yes in the /etc/rc.conf and rebooted.  When I ssh from the

ipfilter=YES
:)

Does the kernel print some message at boot time, like "IP filter enabled;
default=pass all" ?

--
Manuel Bouyer <bouyer@antioche.eu.org>