rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type. The attached patch adds such support. I have used this change for a while to provide support for NAT on my server. Fix: n/a Patch attached with submission follows: How-To-Repeat: n/a
Responsible Changed From-To: freebsd-bugs->freebsd-rc Over to maintainer(s).
Responsible Changed From-To: freebsd-rc->freebsd-ipfw Not rc.d related, and I think the -ipfw folks are in a better position to determine if nat config falls into the "simple" category or not.
This patch is certainly needed to make 'simple' usable out of the box. I'd like to offer an alternative patch, reusing rather than duplicating the existing NAT code, making it a function with the same functionality. This patch also adds allowing outbound pings and essential ICMP to both 'client' and 'simple' rulesets, another long-term omission. I'd have also included the complementary ipv6-icmp rules from 'workstation' but I have no way to test and confirm their correctness. cheers, Ian
Responsible Changed From-To: freebsd-ipfw->hrs I'll take this.
Things have changed since then