just a couple quick pf/nat questions

Louis LeBlanc FreeBSD at keyslapper.org
Mon Dec 13 12:35:24 PST 2004


Ok, I'm slowly coming out of the fog here, but it looks like I might
still have a way to go.

I finally found the part in the handbook that said I didn't have to
compile in the IPFW* and IPDIVERT configs into the kernel *UNLESS* I
wanted NAT.  Well, I do, but I didn't compile the kernel with IPFIREWALL
et al.

Still, I'm planning to migrate to pf, since it's "supposed" to be
better.  It seems (from my murky understanding) like it would make
tricky NAT stuff easier, so there would be some benefits (battle.net,
here I come :).

Problem is, it seems like there's a whole new logical approach with pf,
and I can't figure out if pf does the NAT itself or if you still need
the nat_enable etc.

Also, with ipfw, I just ran a script that grabbed the current dynamic IP
and used it when the script was run.  How does pf handle dynamic IPs?
If I'm understanding the pf manual at OpenBSD.org, it will simply take
the network interface and apply any IP assigned to a given rule.  Am I
right?

Has anyone else gotten pf running to their satisfaction on 5.3?

And are there any pf config generation pages out there yet?

I also noticed that all the sample scripts I've looked at seem to
specify ports with either an explicit port number or a macro defined
right in the config.  I take it pf doesn't use the service tags from
/etc/services?

Thanks all.

Lou
-- 
Louis LeBlanc               FreeBSD at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Van Roy's Truism:
  Life is a whole series of circumstances beyond your control.

