When to use and not use divert/natd ...
John Case
case at SDF.ORG
Sat Sep 6 03:15:48 UTC 2014
Hello,
For many years I would build FreeBSD firewalls and they would be very,
very simple - I just set gateway_enable="yes" in rc.conf and everything
just worked.
However, these firewalls *always* had real, routable IPs on both sides.
Both interfaces had real, routable IPs.
Now I have a firewall that has two non-routable IPs for its interfaces,
and is connected to an internet router with the real IP. When I try to
build a very simple firewall it does not work, and I am forced to use
ipdivert and natd.
If I use ipdivert and natd, it works just fine.
So, am I correct that I can create a simple gateway without natd/divert as
long as both interfaces are real IPs, but if both interfaces are
non-routable IPs, I am forced to use divert/natd?
Is that correct?
More information about the freebsd-net
mailing list