Can loader.conf give you NATD support?
Matthew Seaman
m.seaman at infracaninophile.co.uk
Mon Feb 8 16:14:55 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/02/2010 15:39, Warren Block wrote:
> On Mon, 8 Feb 2010, John wrote:
>
>> The natd man page says it is still necessary to create a customer
>> kernl with
>>
>> options IPFIREWALL
>> options IPDIVERT
>>
>> Is that still true, or can it be accomplished vi a loader.conf?
>
> It's a kernel option, so you probably can't do it at runtime.
It's a loadable module (ipfw_nat.ko) nowadays, so you probably can do it
at runtime...
> Consider using pf instead of ipfw. pf does NAT without needing natd or
> those kernel options.
Heartily seconded. pf and ipfw fulfil the same sort of function, but
to my mind, pf wins hands down simply by having a much more usable
control interface and configuration syntax. Not to mention the
advanced pf features like ftp-proxy, HA configuration, relayd and a
bunch more.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktwOHkACgkQ8Mjk52CukIwuuwCeJwUl0RH1nSqIfYZimP7sO1hW
ZZMAnjP1ZXWZVVZsPQA4YEFPtXHMWs1c
=r3ny
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list