nat and firewall

Dominique Goncalves dominique.goncalves at gmail.com
Thu Oct 2 12:39:26 UTC 2008


Hi,

On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski <jotawski at gmail.com> wrote:
> On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey <kdk at daleco.biz> wrote:
>
>> FBSD1 wrote:
>>
>>>
>>> natd_enable="YES"  This statement in rc.conf enables ipfw nated function.
>>> firewall_nat_enable="YES"  This is an invalid statement. No such thing as
>>> you have here.
>>>
>>
>> This is no longer true; he did indeed find "firewall_nat_enable"
>> in /etc/defaults/rc.conf.  The knob seems to have first appeared
>> in February in HEAD and I'm guessing it cues the system to use a
>> new kernel-based nat rather than natd(8), but I've not read anything
>> further about this, as my system isn't as up to date as the OP's.
>> I don't know when this change was MFC'ed, but apparently fairly
>> recently?
>>
>> I suppose we need someone a tad more "in the know" to straighten
>> that out for us.
>>
>
> Up to this moment, I do not know if natd and firewall_nat function the
> same or differently.
> And is there a firewall_nat_flags thing too?

I'll try to explain,

natd_* knobs are for natd(8), a daemon
firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel

firewall_nat_* was added at the beginning of the year in RELENG_7
http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2

The NAT configuration is done by /etc/rc.firewall, you can read this
file to know how the configuration is done.

These are two different ways to do NAT. I can't speak about performance,
kernel vs daemon.

Hope this helps.

> Thanks in advance for any help and hints.
> regards,
> psr
>
>
>>
>> Kevin Kinsey
>> --
>> A wise man can see more from a mountain top
>> than a fool can from the bottom of a well.
>>

Regards.

-- 
There's this old saying: "Give a man a fish, feed him for a day. Teach
a man to fish, feed him for life."
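
An added example, not part of the original message or of FreeBSD's rc scripts: a small check that reports which of the two knob families discussed above (natd_* for natd(8), firewall_nat_* for in-kernel ipfw NAT) an rc.conf-style file enables. The function names, the interface name em0 and the sample lines are constructed for illustration, and the script reads a single file only, without merging /etc/defaults/rc.conf.

```shell
#!/bin/sh
# Added example: which NAT knob family does an rc.conf-style file enable?
#   natd_enable=YES          -> natd(8), a userland daemon
#   firewall_nat_enable=YES  -> ipfw(8) NAT, processed by the kernel

# get_knob FILE NAME: value of the last NAME= assignment, quotes stripped.
# The file is parsed as text and never sourced, so nothing in it is executed.
get_knob() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Values treated as "enabled" here: YES, TRUE, ON or 1, in any letter case.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# nat_mode FILE: prints natd, kernel, both or none.
nat_mode() {
    natd=$(get_knob "$1" natd_enable)
    kern=$(get_knob "$1" firewall_nat_enable)
    if is_yes "$natd" && is_yes "$kern"; then
        echo both      # both mechanisms requested: review the configuration
    elif is_yes "$natd"; then
        echo natd
    elif is_yes "$kern"; then
        echo kernel
    else
        echo none
    fi
}

# Constructed sample: a host set up for kernel NAT on a hypothetical em0.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'firewall_enable="YES"' \
                  'firewall_nat_enable="YES"' \
                  'firewall_nat_interface="em0"' > "$tmp"
    nat_mode "$tmp"
    rm -f "$tmp"
}

demo
```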

