nat and firewall

fire jotawski jotawski at
Wed Sep 24 09:47:44 UTC 2008

On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 <fbsd1 at> wrote:

> -----Original Message-----
> From: owner-freebsd-questions at
> [mailto:owner-freebsd-questions at]On Behalf Of fire jotawski
> Sent: Wednesday, September 24, 2008 12:13 PM
> To: freebsd-questions at
> Subject: nat and firewall
> hi sirs,
> i am confused now about what the difference is between nat and firewall_nat
> in the /etc/rc file
> natd_enable="YES"
> firewall_nat_enable="YES"
> just one question per asking.  there will be more questions about
> this but for this moment only this one first.
> thanks in advance for any help and hints
> regards,
> psr

sorry for top posting
first of all thanks indeed for your answers

> natd_enable="YES"  This statement in rc.conf enables ipfw nated function.
> firewall_nat_enable="YES"  This is an invalid statement. No such thing as
> you have here.

i found firewall_nat_enable in /etc/rc.firewall
my machine is
%uname -a
FreeBSD 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep  4 09:48:32 ICT 2008     root at

> FreeBSD has 3 different built-in firewalls for you to choose from. IPFW,
> Ipfilter, and PF
> Review /etc/defaults/rc.conf for their statements.
> It would do you good to read the firewall section of the FreeBSD Handbook
> for a complete explanation of the 3 firewalls and the differences between
> them.
> In my opinion the PF firewall has the easiest to use rule set and built-in
> table functions for automated black listing of attacking IP addresses. Its major
> weakness is it has a very poorly designed logging function that results in
> very cumbersome usage.
> IPFilter comes next. It has easy logging and rules usage. It lacks the auto
> black listing table building of PF. These two firewalls were ported to
> FreeBSD from other Unix flavored operating systems. Both have teams
> supporting and maintaining them.
> The final firewall is IPFW that is the first firewall included in FreeBSD
> many years ago and was developed by the FreeBSD team. IPFW also lacks the
> auto black listing table building of PF, and its nated rules are much harder
> to get working using all stateful rules. IPFW had a major coding overhaul a
> few years back but the inherent design flaw of how nated rules are handled
> was not touched. Grape vine says IPFW nated code is a messed up can of worms
> and no one wants to touch it.
> I have used all 3 firewalls at one time or another to learn about them. I
> found IPFilter to be the easiest to use and get logging output in standard
> format like all the other FreeBSD logs are.  But you should read the
> handbook and decide for yourself what best satisfies your firewall needs.

thanks indeed for your answers. i will ask more questions regarding natd
and firewall again after reading the handbook.
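
Added example, not part of the original thread: natd_enable selects the userland natd(8) daemon, which ipfw feeds through a divert rule, while firewall_nat_enable (the knob the poster found in /etc/rc.firewall on 7.0-RELEASE) selects ipfw's in-kernel NAT. The sketch below reports which path an rc.conf-style file selects; the function names, result labels, the interface name `em0` and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# rc_get FILE VAR: print the last VAR="value" assignment in FILE.
# rc.conf is sourced as sh, so a later assignment overrides an earlier one.
# Only the simple VAR="value" form is handled (hypothetical helper).
rc_get() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true for YES in any letter case.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# nat_mode FILE: classify the NAT setup the file asks for.
nat_mode() {
    fw=$(rc_get "$1" firewall_enable)
    natd=$(rc_get "$1" natd_enable)
    knat=$(rc_get "$1" firewall_nat_enable)
    if ! is_yes "$fw"; then
        # /etc/defaults/rc.conf documents both knobs as
        # "(if firewall_enable == YES)".
        if is_yes "$natd" || is_yes "$knat"; then
            echo "nat-without-firewall"
        else
            echo "none"
        fi
    elif is_yes "$natd" && is_yes "$knat"; then
        echo "both-enabled"        # normally only one translator is wanted
    elif is_yes "$natd"; then
        echo "natd-divert"         # userland natd(8) behind an ipfw divert rule
    elif is_yes "$knat"; then
        echo "ipfw-kernel-nat"     # in-kernel "ipfw nat"
    else
        echo "none"
    fi
}

# Constructed sample rc.conf fragment (em0 is an assumed interface name).
sample=$(mktemp)
cat > "$sample" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
natd_enable="NO"
firewall_nat_enable="YES"
firewall_nat_interface="em0"
EOF
nat_mode "$sample"
rm -f "$sample"
```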

