nat and firewall

fire jotawski jotawski at gmail.com
Wed Sep 24 09:47:44 UTC 2008


On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 <fbsd1 at a1poweruser.com> wrote:

>
>
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of fire jotawski
> Sent: Wednesday, September 24, 2008 12:13 PM
> To: freebsd-questions at freebsd.org
> Subject: nat and firewall
>
> hi sirs,
>
> i am confused now about what the difference is between nat and
> firewall_nat in the /etc/rc file
>
> natd_enable="YES"
> firewall_nat_enable="YES"
>
> just one question per asking.  there will be more questions about
> this but for the moment only this one first.
>
> thanks in advance for any help and hints
>
> regards,
> psr

sorry for top posting
first of all thanks indeed for your answers

>
>
> natd_enable="YES"  This statement in rc.conf enables ipfw nated function.
> firewall_nat_enable="YES"  This is an invalid statement. No such thing as
> you have here.



i found firewall_nat_enable in /etc/rc.firewall
my machine is
%uname -a
FreeBSD makham.serveblog.net 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep  4 09:48:32 ICT 2008     root at makham.serveblog.net:/usr/obj/usr/src/sys/SITING i386
%



> FreeBSD has 3 different built in firewalls for you to choose from. IPFW,
> Ipfilter, and PF
> Review /etc/defaults/rc.conf for their statements.
> It would do you good to read the firewall section of the FreeBSD Handbook
> for a complete explanation of the 3 firewalls and the differences between
> them.
> In my opinion the PF firewall has the easiest to use rule set and built in
> table functions for automated black listing of attacking IP addresses. Its
> major weakness is it has a very poorly designed logging function that
> results in very cumbersome usage.
> IPFilter comes next. It has easy logging and rules usage. It lacks the auto
> black listing table building of PF. These two firewalls were ported to
> FreeBSD from other Unix flavored operating systems. Both have teams
> supporting and maintaining them.
> The final firewall is IPFW that is the first firewall included in FreeBSD
> many years ago and was developed by the FreeBSD team. IPFW also lacks the
> auto black listing table building of PF, and its nated rules are much
> harder to get working using all stateful rules. IPFW had a major coding
> overhaul a few years back but the inherent design flaw of how nated rules
> are handled was not touched. Grapevine says IPFW nated code is a messed up
> can of worms and no one wants to touch it.
> I have used all 3 firewalls at one time or another to learn about them. I
> found IPFilter to be the easiest to use and get logging output in standard
> format like all the other FreeBSD logs are.  But you should read the
> handbook and decide for yourself what best satisfies your firewall needs.
>

thanks indeed for your answers. i will ask more questions regarding natd
and firewall again after reading the handbook.

regards,
psr
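
The check psr describes above, looking for firewall_nat_enable in the system's own rc files, can be scripted. The following POSIX sh is an added example, not part of the original thread: the function names and the sample file contents are constructed, and on a real host the arguments would be /etc/rc.conf, /etc/defaults/rc.conf and /etc/rc.firewall.

```shell
#!/bin/sh
# Added example, not from the thread. All sample file contents are constructed.

# Print the last value assigned to knob $1 in rc.conf-style file $2.
knob_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Succeed if knob $1 appears as a whole word in any of the remaining files.
knob_known() {
    var=$1; shift
    [ $# -gt 0 ] || return 1
    grep -q -w -- "$var" "$@" 2>/dev/null
}

# nat_report CONF SYSFILE...: one line per NAT knob that CONF sets.
nat_report() {
    conf=$1; shift
    enabled=0
    for knob in natd_enable firewall_nat_enable; do
        val=$(knob_value "$knob" "$conf")
        [ -n "$val" ] || continue
        if ! knob_known "$knob" "$@"; then
            echo "$knob: set, but no system rc file references it"
            continue
        fi
        case $val in
            [Yy][Ee][Ss]) echo "$knob: enabled"; enabled=$((enabled + 1)) ;;
            *)            echo "$knob: disabled" ;;
        esac
    done
    [ "$enabled" -le 1 ] || echo "warning: more than one NAT knob enabled"
}

# Constructed demo: temporary files stand in for /etc/rc.conf,
# /etc/defaults/rc.conf and /etc/rc.firewall.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'natd_enable="YES"' 'firewall_nat_enable="YES"' > "$d/rc.conf"
    printf '%s\n' 'natd_enable="NO"' 'firewall_nat_enable="NO"' > "$d/defaults"
    printf '%s\n' 'case ${natd_enable} in' 'case ${firewall_nat_enable} in' > "$d/rc.firewall"
    nat_report "$d/rc.conf" "$d/defaults" "$d/rc.firewall"
    rm -rf "$d"
}

demo
```

A knob reported as set but unreferenced is either misspelled or not supported by the rc scripts installed on that release.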

