ipfw3

nans_nans1 at yahoo.de nans_nans1 at yahoo.de
Wed Jun 24 04:57:55 PDT 2015


Now it works! The  mistake was a misconfigured DNS!

For a working NAT/Firewall i do finally the following steps (INT-NIC: bnx0, OUT-NIC:bnx1):

1. Configure a kernel with "IPFIREWALL_DEFAULT_TO_ACCEPT" option.

2. Add "gateway_enable="YES" " in /etc/rc.conf.

3. Make a simple NAT/Firewall-Script:
___

#!/bin/sh
kldload ipfw3_nat
kldload ipfw3_layer4

ipfw3 flush

ipfw3 add allow all via bnx0

ipfw3 nat 1 config if bnx1
ipfw3 add nat 1 all via bnx1

ipfw3 add check-state
ipfw3 add allow all established
ipfw3 add allow all out via bnx1 keep-state

ipfw3 add deny all
___

Is this a good script for effective NAT (fast throughput) and a safe firewall (all out - nothing in) for home or small office? Any suggestions? 




--------------------------------------------
bycn82 <bycn82 at gmail.com> schrieb am Di, 23.6.2015:

 Betreff: Re: ipfw3
 An: nans_nans1 at yahoo.de
 CC: "users at dragonflybsd.org" <users at dragonflybsd.org>
 Datum: Dienstag, 23. Juni, 2015 18:53 Uhr
 
 what is the
 result?
 line 100 allow
 allline 200 nat 1
 tcp via xxx
 sure it doesnt
 work
 On 23 June 2015 at 21:36, 
 <nans_nans1 at yahoo.de>
 wrote:
 now i
 write a small script:
 
 
 
 kldload ipfw3_nat
 
 ipfw3 add allow all
 
 ipfw3 nat 1 config if bnx1
 
 ipfw3 add nat 1 tcp via bnx1
 
 
 
 
 
 But nat/firewalling still dont work.
 
 
 
 Any more suggestions?
 
 
 
 
 
 --------------------------------------------
 
 bycn82 <bycn82 at gmail.com>
 schrieb am Di, 23.6.2015:
 
 
 
  Betreff: Re: ipfw3
 
  An: nans_nans1 at yahoo.de
 
  CC: "users at dragonflybsd.org"
 <users at dragonflybsd.org>
 
  Datum: Dienstag, 23. Juni, 2015 02:46 Uhr
 
 
 
  you can write
 
  a script to load the modules and firewall rules
 
  first.
 
  On 22 June 2015 at 23:39,
 
  <nans_nans1 at yahoo.de>
 
  wrote:
 
  yes, you are right: There is no
 
  traffic out via bnx1.
 
 
 
  It's for a business company. So no teamviewer is
 
  possible.
 
 
 
 
 
 
 
  Is there anything else what could be wrong, maybe in
 
  rc.conf?
 
 
 
  What about natd_enable ?
 
 
 
 
 
 
 
  --------------------------------------------
 
 
 
  bycn82 <bycn82 at gmail.com>
 
  schrieb am Mo, 22.6.2015:
 
 
 
 
 
 
 
   Betreff: Re: ipfw3
 
 
 
   An: nans_nans1 at yahoo.de
 
 
 
   CC: "users at dragonflybsd.org"
 
  <users at dragonflybsd.org>
 
 
 
   Datum: Montag, 22. Juni, 2015 17:27 Uhr
 
 
 
 
 
 
 
   ​yes,
 
 
 
   if you are
 
 
 
   using the latest Dragonfly​BSD source,then you can
 
 
 
   print the NAT records like
 
  "ip show nat
 
 
 
   translation" on cisco routers. 
 
 
 
   On 22 June 2015 at 23:22,
 
 
 
   <nans_nans1 at yahoo.de>
 
 
 
   wrote:
 
 
 
   That is a
 
 
 
   good question. Is "tcpdump -nettti bnx1"
 the
 
  right
 
 
 
   command to verify this?
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
   --------------------------------------------
 
 
 
 
 
 
 
   bycn82 <bycn82 at gmail.com>
 
 
 
   schrieb am Mo, 22.6.2015:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    Betreff: Re: ipfw3
 
 
 
 
 
 
 
    An: nans_nans1 at yahoo.de
 
 
 
 
 
 
 
    Datum: Montag, 22. Juni, 2015 17:11 Uhr
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    but do you
 
 
 
 
 
 
 
    have any traffic go out via bnx1 ?​
 
 
 
 
 
 
 
    On 22 June 2015 at 23:08,
 
 
 
 
 
 
 
    <nans_nans1 at yahoo.de>
 
 
 
 
 
 
 
    wrote:
 
 
 
 
 
 
 
    ok. i try it on another machine with
 
 
 
 
 
 
 
    4.3 and without the options in kernel config. The
 
  result
 
 
 
   is
 
 
 
 
 
 
 
    the same.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    Some data:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    Internal NIC: bnx0, 192.168.100.188/24
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    External NIC: bnx1, 192.168.10.229/24
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    rc.conf:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    gateway_enable="YES"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    defaultrouter="192.168.10.200"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    Then:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    kldload ipfw3_nat
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw3 nat 1 config if bnx1
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw3 add nat 1 tcp via bnx1
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    The outputs:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    kldstat:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    kernel
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    acpi.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ehci.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    xhci.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw3_nat.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw3_basic.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw3.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    libalias.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw3 show:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    00100   0   0   nat 1 tcp via bnx1
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    65535  699  51067  deny
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw3 nat show config:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    ipfw nat 1 config if bnx1
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    Is something wrong?
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    --------------------------------------------
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
    bycn82 <bycn82 at gmail.com>
 
 
 
 
 
 
 
    schrieb am Mo, 22.6.2015:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     Betreff: Re: ipfw3
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     An: nans_nans1 at yahoo.de
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     CC: "users at dragonflybsd.org"
 
 
 
 
 
 
 
    <users at dragonflybsd.org>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     Datum: Montag, 22.
 
 
 
 
 
 
 
    Juni, 2015 15:33 Uhr
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     ​your rules
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     are correct.and you
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     don't need to add the
 
 
 
 
 
 
 
    options in kernel config file,
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     that belongs to ​IPFW
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     please provide
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     output of below commands:1.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     kldstat2. ipfw3
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     show3. ipfw3 nat
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     show config
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     On 22 June 2015 at 21:08,
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     <nans_nans1 at yahoo.de>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     wrote:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     Sorry,
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     but this dont work.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     My external nic is ue0 and my internal nic is
 em0.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     I run 4.3 and a kernel with the following
 options:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     options IPFIREWALL
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     options IPDIVERT
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     options IPFIREWALL_DEFAULT_TO_ACCEPT
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     options IPFIREWALL_VERBOSE
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     What i do:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     In /etc/rc.conf: gateway_enable="YES"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     Then:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     kldload ipfw3_nat
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     ipfw3 nat 1 config if ue0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     ipfw3 add nat 1 tcp via ue0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     The result is that NAT don't work.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     What is wrong with my configuration? Have i
 
  forgotten
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     something?
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     --------------------------------------------
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     bycn82 <bycn82 at gmail.com>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     schrieb am Mo, 22.6.2015:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      Betreff: Re: ipfw3
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      An: nans_nans1 at yahoo.de
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      CC: "users at dragonflybsd.org"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     <users at dragonflybsd.org>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      Datum: Montag, 22. Juni, 2015 01:47 Uhr
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      hi,
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      sorry for
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      lacking of documentation. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      below are
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      sample steps to use in-kernel NAT with ipfw3.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      Step1:  make
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      sure the ipfw3_nat module was loaded
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      dev03#kldstat | grep
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      ipfw3_nat 5    1 0xffffffff83242000
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      3000     ipfw3_nat.ko
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      if the modules was not loaded,
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      then below command to load the kernel module
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      dev03#kldload
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      ipfw3_nat
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      Step2: prepare
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      NAT config
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      dev03#ipfw3 nat 1 config
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      if em0ipfw nat
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      1 config if em0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      which
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      means it will do MASQUERADE using interface
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      em0.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      Step3: NAT the
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      traffic.  NAT is just ip translate. so both
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      direction should go through the same NAT
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      config.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      dev03#ipfw3
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      add nat 1 tcp via em0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      this means both in and out traffic
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      on interface em0 will be filtered/ translated
 by
 
 
 
   NAT
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     config
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      id 1.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      hope this helps, please try it and
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      if you have any question, just let me
 know, and
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      if you can help to come up with an tutorial by
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     rephrasing
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      this and append with your experience, that
 would
 
  be
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     very
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      helpful.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      http://www.dragonflybsd.org/docs/ipfw2/
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      is an wiki, there is a "edit page"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      link. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      regards,bycn82
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      On 22 June 2015 at 02:31,
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      <nans_nans1 at yahoo.de>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      wrote:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      Can
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      someone give me detailed/complete instructions
 
  how
 
 
 
   to
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      realize simple working nat with ipfw3
 (including
 
 
 
 
 
 
 
    rc.conf
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     and
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      configuration files).
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      The informations on these sites turns out to be
 
 
 
   sadly
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
     sparse
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      for me:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      https://www.dragonflybsd.org/docs/ipfw2/
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
      http://www.dragonflybsd.org/docs/ipfw2/modules/
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 



More information about the Users mailing list