Network: Network Address Translation (natd) (last edit: 2000-11-22)
<http://www.freebsd.org/cgi/man.cgi?natd>
The following steps are necessary before attempting to run natd:
1. Get FreeBSD version 2.2 or higher. Versions before this do not support
   divert(4) sockets.
2. Build a custom kernel with the following options:
       options IPFIREWALL
       options IPDIVERT
   Refer to the handbook for detailed instructions on building a custom
   kernel.
3. Ensure that your machine is acting as a gateway. This can be done
   by specifying the line
       gateway_enable=YES
   in /etc/rc.conf, or using the command
       sysctl -w net.inet.ip.forwarding=1
4. If you wish to use the -n or -interface flags, make sure that your
   interface is already configured. If, for example, you wish to specify
   tun0 as your interface, and you're using ppp(8) on that interface,
   you must make sure that you start ppp prior to starting natd.
5. Create an entry in /etc/services:
       natd 8668/divert # Network Address Translation socket
   This gives a default for the -p or -port flag.
Running natd is fairly straightforward. The line
       natd -interface ed0
should suffice in most cases (substituting the correct interface name).
Once natd is running, you must ensure that traffic is diverted to natd:
6. Enable your firewall by setting
       firewall_enable=YES
   in /etc/rc.conf. This tells the system startup scripts to run the
   /etc/rc.firewall script. If you don't wish to reboot now, just run
   this by hand from the console. NEVER run this from a virtual session
   unless you put it into the background. If you do, you'll lock
   yourself out after the flush takes place, and execution of
   /etc/rc.firewall will stop at this point - blocking all accesses
   permanently. Running the script in the background should be enough
   to prevent this
This is what I've put in my kernel:
       options IPFIREWALL
       options IPDIVERT
       options IPFIREWALL_VERBOSE
       options IPFILTER
       options IPFILTER_LOG
       options "IPFIREWALL_VERBOSE_LIMIT=100"
       options IPFIREWALL_DEFAULT_TO_ACCEPT
       options MROUTING
And in my rc.local:
       gateway_enable="YES"
       firewall_enable="YES"
       firewall_type="UNKNOWN"
       firewall_quiet="NO"
       natd_enable="YES"
       natd_interface="ed0"
       natd_flags="-m -s"
Windows machine
Set gateway to private space IP address of FreeBSD machine.
Fill in DNS servers, preferably the DNS servers of your ISP.
Set your browser/mail client to use the LAN instead of Dial-Up.
And that's all I had to do to make it work.
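
A way to check the prerequisites from the steps above against a kernel configuration file, an rc.conf-style file and /etc/services. This is an added example, not part of the original notes or of FreeBSD; the function names, the three file arguments and the kernel config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit the natd prerequisites from the steps above.
# The function names and the three file arguments are assumptions.

has_option() {   # $1 kernel config, $2 option name (quoted and NAME=value forms accepted)
    grep -Eq "^[[:space:]]*options[[:space:]]+\"?$2(=[^\"]*)?\"?([[:space:]]|\$)" "$1"
}

is_yes() {       # $1 rc.conf-style file, $2 variable; YES may be quoted, any case
    grep -Eiq "^[[:space:]]*$2=\"?yes\"?([[:space:]]|\$)" "$1"
}

# Prints one line per finding; exit status is 0 only if nothing is missing.
check_natd_prereqs() {
    kern=$1; rc=$2; svc=$3; missing=0
    for opt in IPFIREWALL IPDIVERT; do                          # step 2
        has_option "$kern" "$opt" ||
            { echo "MISSING kernel option $opt"; missing=$((missing + 1)); }
    done
    for var in gateway_enable firewall_enable natd_enable; do   # steps 3 and 6, natd itself
        is_yes "$rc" "$var" ||
            { echo "MISSING $var=YES"; missing=$((missing + 1)); }
    done
    grep -Eq '^[[:space:]]*natd_interface="?[^"[:space:]]+' "$rc" ||
        { echo "MISSING natd_interface"; missing=$((missing + 1)); }
    grep -Eq '^natd[[:space:]]+8668/divert' "$svc" ||           # step 5
        { echo "MISSING natd 8668/divert in services"; missing=$((missing + 1)); }
    # Not a prerequisite, but worth seeing: this option makes the kernel's
    # final ipfw rule pass packets instead of dropping them.
    if has_option "$kern" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "NOTE IPFIREWALL_DEFAULT_TO_ACCEPT set: unmatched packets are allowed"
    fi
    [ "$missing" -eq 0 ]
}

# Usage on a FreeBSD gateway (paths are examples):
#   check_natd_prereqs /sys/i386/conf/MYKERNEL /etc/rc.conf /etc/services
```

The NOTE line is informational and does not affect the exit status; only MISSING findings do.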