nat and firewall
jotawski at gmail.com
Wed Sep 24 09:47:44 UTC 2008
On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 <fbsd1 at a1poweruser.com> wrote:
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of fire jotawski
> Sent: Wednesday, September 24, 2008 12:13 PM
> To: freebsd-questions at freebsd.org
> Subject: nat and firewall
> hi sirs,
> i am confused now that what is the difference between nat and firewall_nat
> in /etc/rc file
> just one question per asking. there will be another more questions about
> this but for this moment only this one first.
> thanks in advance for any helps and hints
sorry for top posting
first of all thanks indeed for your answers
> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
> firewall_nat_enable="YES" This is an invalid statement. No such thing as
> you have here.
i found firewall_nat_enable in /etc/rc.firewall
my machine is
FreeBSD makham.serveblog.net 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep 4
09:48:32 ICT 2008 root at makham.serveblog.net:/usr/obj/usr/src/sys/SITING
> FreeBSD has 3 different built-in firewalls for you to choose from. IPFW,
> Ipfilter, and PF
> Review /etc/defaults/rc.conf for their statements.
> It would do you good to read the firewall section of the FreeBSD Handbook
> for a complete explanation of the 3 firewalls and the differences between
> In my opinion the PF firewall has the easiest to use rule set and built in
> table functions for automated black listing attacking IP address. Its major
> weakness is it has very poorly designed logging function that results in
> very cumbersome usage.
> IPFilter comes next. It has easy logging and rules usage. It lacks the auto
> black listing table building of PF. These two firewalls were ported to
> FreeBSD from other Unix flavored operating systems. Both have teams
> supporting and maintaining them.
> The final firewall is IPFW that is the first firewall included in FreeBSD
> many years ago and was developed by the FreeBSD team. IPFW also lacks the
> auto black listing table building of PF, and its nated rules are much
> to get working using all stateful rules. IPFW had a major coding overhaul a
> few years back but the inherent design flaw of how nated rules are handled
> was not touched. Grape vine says IPFW nated code is a messed up can of
> and no one wants to touch it.
> I have used all 3 firewalls at one time or another to learn about them. I
> found IPFilter to be the easiest to use and get logging output in standard
> format like all the other FreeBSD logs are. But you should read the
> handbook and decide for yourself what best satisfies your firewall needs.
thanks indeed for your answers. i will ask more questions regarding to natd
and firewall again after reading handbook.