IPFW with user-ppp's NAT
Dan Nelson
dnelson at allantgroup.com
Sun Mar 16 02:16:15 UTC 2008
In the last episode (Mar 16), Razmig K said:
> With IPFW enabled in the kernel, I'd like to use the NAT functionality of
> user-ppp instead of natd. Do I need the IPDIVERT option in the kernel and
> the special arrangement of divert and skipto rules in the ruleset? Or, a
> non-NATed ruleset (as demonstrated in handbook section 28.6.5.6) would
> suffice?
>
> If divert rules are necessary, what argument do I need to pass to action
> divert in place of natd?
If you mean the "nat enable yes" option in ppp.conf, that is done
completely within the user-ppp daemon (using the same libalias library
that natd uses). Since user-ppp creates its own tun# device, it can
call the NAT functions as it processes packets to/from that device
without needing IPFW divert rules.
--
Dan Nelson
dnelson at allantgroup.com