src/share/ipf/nat.2 - view

Return to nat.2 CVS log

Up to [local] / src / share / ipf

File: [local] / src / share / ipf / Attic / nat.2 (download)

Revision 1.5, Wed Feb 17 23:27:09 1999 UTC (25 years, 3 months ago) by kstailey
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9, OPENBSD_2_8_BASE, OPENBSD_2_8, OPENBSD_2_7_BASE, OPENBSD_2_7, OPENBSD_2_6_BASE, OPENBSD_2_6, OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.4: +8 -0 lines

reflect new behavior

		 Miscellaneous NAT Configuration Tips

Don't forget to add "net.inet.ip.forwarding=1" to /etc/sysctl.conf or NAT will
not work.  NAT requires IP packet forwarding.

Don't forget to add "option IPFILTER" (and maybe "option IPFILTER_LOG"
if you want ipmon(8) to work) to the kernel config file or NAT will
not work.  NAT requires the IPF packet filter.

You must have IPF enabled even if you aren't using it for anything or
NAT will not work.  The standard way to do this is to make sure
/etc/ipf.rules is installed and edit /etc/rc.conf changing
"ipfilter=NO" to "ipfilter=YES" then reboot.

When you bring up NAT it needs the interface to have an address.  If you are
using the ppp0 interface unless you start pppd from /etc/rc you cannot start
NAT there.  Instead, in the /etc/ppp/ip-up shell script add

/sbin/ipnat -CF -f /etc/ipnat.rules

to start NAT when the link comes up and the interface has an address.