NAT

handbook ru, en

Several ways to set up NAT. In the kernel we need only 2 lines, options IPFILTER and options IPFILTER_LOG, plus gateway_enable="yes".
 * natd: this perversion works through a divert socket and hangs around as a daemon.
 * It uses ipfw (the stock FreeBSD firewall) to do its work: handbook
 * ipnat, by means of ipfilter
 * pf (in a single line: nat on $ext_if from $int_net to any -> $ext_addr)
 * ng_nat

natd is a divert daemon, enabled by natd_enable="YES" in /etc/rc.conf.

IPDIVERT enables the natd masquerading daemon; IPFIREWALL_DEFAULT_TO_ACCEPT means that your firewall will be open by default.

Is there any way to set divert enabled without recompiling my kernel with IPDIVERT included?

In order to have ipfw with nat support enabled you need to have kernel sources and to recompile ipfw.

ipfw nat is much faster because it is performed in the kernel.

IPFW is composed of seven components, the primary component is the kernel firewall filter rule processor and its integrated packet accounting facility, the logging facility, the divert rule which triggers the NAT facility, and the advanced special purpose facilities, the dummynet traffic shaper facilities, the fwd rule forward facility, the bridge facility, and the ipstealth facility.

natd
/boot/loader.conf

 ipfw_load="YES"
 ipdivert_load="YES"

net.inet.ip.fw.default_to_accept=1 >> /etc/sysctl.conf (is this needed when firewall_type="OPEN" is already set?).

/etc/rc.conf

 gateway_enable="YES"
 firewall_enable="YES"
 firewall_type="OPEN"
 natd_enable="YES"
 natd_interface="age0"
 * 1) natd_flags="-redirect_port tcp 172.16.0.2:39701 22"

NAT
/etc/rc.conf

 firewall_enable="YES"
 firewall_type="OPEN"
 natd_enable="YES"
 natd_interface="age0"
 natd_flags=""
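
An added example, not part of the original notes: an sh script that checks an rc.conf for the natd gateway settings listed above and flags the two settings that widen exposure, firewall_type="OPEN" and -redirect_port. The function names rc_get and audit_natd_rc are hypothetical, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit an rc.conf for the natd
# gateway settings listed above. Function names are hypothetical.

# rc_get FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# audit_natd_rc FILE: print findings; return 1 if a required setting is missing.
audit_natd_rc() {
    missing=0
    for key in gateway_enable firewall_enable natd_enable; do
        case $(rc_get "$1" "$key") in
            [Yy][Ee][Ss]) ;;
            *) echo "MISSING: $key is not YES"; missing=1 ;;
        esac
    done
    if [ -z "$(rc_get "$1" natd_interface)" ]; then
        echo "MISSING: natd_interface is not set"; missing=1
    fi
    # firewall_type="OPEN" loads a pass-everything ruleset.
    case $(rc_get "$1" firewall_type) in
        [Oo][Pp][Ee][Nn]) echo "WARN: firewall_type is OPEN (all traffic passed)" ;;
    esac
    # Each -redirect_port publishes an internal host on the external address.
    case $(rc_get "$1" natd_flags) in
        *-redirect_port*)
            echo "WARN: natd_flags exposes an internal host: $(rc_get "$1" natd_flags)" ;;
    esac
    return "$missing"
}

# Constructed sample: the page's second rc.conf (no gateway_enable) with the
# optional -redirect_port flag from the first one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="age0"
natd_flags="-redirect_port tcp 172.16.0.2:39701 22"
EOF
audit_natd_rc "$sample" || echo "=> required settings are missing"
rm -f "$sample"
```
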

 static_routes="net1 net2 net3 net4 multicast1 multicast2 multicast3 multicast4"
 route_net1="-net 10.0.0.0/8 10.80.192.1"

In theory there is no need to enable ipfirewall in the kernel; it can probably be done as a module (?)
 * Kernel

 cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/GENERIC_NAT
 diff /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/GENERIC_NAT
 options IPFIREWALL
 options IPDIVERT
 options IPFIREWALL_DEFAULT_TO_ACCEPT
 options IPFIREWALL_VERBOSE
 cd /usr/src
 make buildkernel KERNCONF=GENERIC_NAT
 make installkernel KERNCONF=GENERIC_NAT
 * 1) NAT

Config (need to find out which file it goes in)

 deny_incoming yes
 use_sockets yes
 same_ports yes
 dynamic yes

 * http://www.rootbsd.net/ ++ also supports the FreeBSD community.
 * http://nqhost.com/freebsd-vps.html ++
 * http://arpnetworks.com/vps
 * http://bsdvm.com/
 * http://www.tilaa.nl/pages/vps
 * http://www.verio.com/web-hosting/freebsd-vps/
 * http://www.nyi.net/calc/dedi_calc.php 125.00 for the cheapest
 * http://www.reliacloud.com/cloudservers/pricing/