Subject: Re: getting ipnat working
To: James Wetterau <jwjr@ignition.name.net>
From: David Maxwell <david@fundy.ca>
List: current-users
Date: 12/01/1999 00:20:32
On Tue, Nov 30, 1999 at 10:48:18PM -0500, James Wetterau wrote:
> 
> Well, that's the heart of the matter, so it's important to answer it
> decisively.  The man pages say:
> 
>      Please Note That ipnat is not functional without ipf(8) running.  In ad-
>      dition, the following kernel options need to be turned on in order to use
>      ipnat: GATEWAY, IPFORWARDING and PFIL_HOOKS.  The sysctl
>            ``sysctl net.inet.ip.forwarding''

I think it may be possible to use the 'rdr' functions
of ipnat without ip forwarding turned on. 

Nonetheless, with both ipf and ipnat, I'd say it's much more
common to want ip forwarding turned on than turned off - and
the person configuring the more sophisticated situation where 
it is off should know how to fix that.

I'd like to see:

ipfilter=YES					# uses /etc/ipf.conf
ipnat=YES
ipf_nat_without_forwarding=YES

And turn forwarding on with sysctl if
((ipfilter || ipnat) && !ipf_nat_without_forwarding)

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
Any sufficiently advanced Common Sense will seem like magic... 
					      - me