Re: natd problem -- pass specific IP to internal machine

From: Frank Leonhardt <freebsd-doc_at_fjl.co.uk>
Date: Wed, 12 Feb 2025 12:42:12 UTC

On 09/02/2025 17:28, Gary Aitken wrote:
> my natd has been translating fine using:
>
> interface xl0
> use_sockets yes
> same_ports yes
> unregistered_only yes
>
> However, I am having an issue with a particular internal system (solar inverter)
> and I would like to be able to tcpdump it on the external interface.
>
As no one experienced with natd has replied, an observation: After a 
decade or more of struggling with ipfw+natd, because it was the 
"FreeBSD" solution, I discovered PF and have never looked back 
after fifteen years. I just wish someone had told me earlier. The 
FreeBSD documentation gives equal weight to multiple solutions in 
various places and would be better if it said "this is the old system 
that hardly anyone uses" more often, so you knew which to pick first.

The final straw for me was to do with NAT loopback, and it required a 
custom kernel build to get it to work. I can't remember the details. PF, 
on the other hand, just works and there is at least one excellent book 
explaining how to use it in plain English. I use it as a NAT gateway in 
all sorts of places and it's really easy to configure it to do what you 
want. The configuration file is simple and it does what you expect (and 
NAT etc is built in).

If anyone feels I'm missing something great I simply haven't understood 
about ipfw+natd I'd love to hear it.

Regards, Frank.