From owner-freebsd-questions@FreeBSD.ORG Fri Oct 3 03:24:44 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9F871065688 for ; Fri, 3 Oct 2008 03:24:44 +0000 (UTC) (envelope-from jotawski@gmail.com) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.190]) by mx1.freebsd.org (Postfix) with ESMTP id 4E32F8FC14 for ; Fri, 3 Oct 2008 03:24:44 +0000 (UTC) (envelope-from jotawski@gmail.com) Received: by fk-out-0910.google.com with SMTP id k31so892134fkk.11 for ; Thu, 02 Oct 2008 20:24:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=0l5g959Qy6nKCeFDHnrtjtERldmb1hVn5p+NDWc81G0=; b=YpHUDcgqFRCt8JYnxeLehv5EVtXOt31NbxQloT13ipAy3iTA1LV8jVaCv8xGl1yf9S VDRu9iFSlSyq9w18Z7qb8Jmc/i19fsTnQ2MVxZ3nwioS52FFb0yeKAFpf6w0jIflSNZo 6KtOZds49kkQHgxN+Ww4KW6NByGPxv9c9CJZw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=fe+eOLB6/loWCL/VxHWF2mUqPl/Dl9c4Nt2lC8mU/1GUwMgKVEXF+zFhRY9lYN+sOH b5KgmbdruCdB5NLh9VUH2UiEUo5zxhtmqjVgXQqAMIMNUiF1iW6BP/BJfJipW7t4Dsk7 WQhTPgX+ZBaZQisT/NEyKkMliAZC/fvM17feQ= Received: by 10.180.241.8 with SMTP id o8mr188120bkh.60.1223004282814; Thu, 02 Oct 2008 20:24:42 -0700 (PDT) Received: by 10.181.22.11 with HTTP; Thu, 2 Oct 2008 20:24:42 -0700 (PDT) Message-ID: Date: Fri, 3 Oct 2008 10:24:42 +0700 From: "fire jotawski" To: "Dominique Goncalves" In-Reply-To: <7daacbbe0810020539h530c6306o5f19abf35a68c6ad@mail.gmail.com> MIME-Version: 1.0 References: <48DA7491.8030002@daleco.biz> <7daacbbe0810020539h530c6306o5f19abf35a68c6ad@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: nat and firewall X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Oct 2008 03:24:44 -0000 On Thu, Oct 2, 2008 at 7:39 PM, Dominique Goncalves < dominique.goncalves@gmail.com> wrote: > Hi, > > On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski wrote: > > On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey wrote: > > > >> FBSD1 wrote: > >> > >>> > >>> natd_enable="YES" This statement in rc.conf enables ipfw nated > function. > >>> firewall_nat_enable="YES" This is an invalid statement. No such thing > as > >>> you have here. > >>> > >> > >> This is no longer true; he did indeed find "firewall_nat_enable" > >> in /etc/defaults/rc.conf. The knob seems to have first appeared > >> in February in HEAD and I'm guessing it cues the system to use a > >> new kernel-based nat rather than natd(8), but I've not read anything > >> further about this, as my system isn't as up to date as the OP's. > >> I don't know when this change was MFC'ed, but apparently fairly > >> recently? > >> > >> I suppose we need someone a tad more "in the know" to straighten > >> that out for us. > >> > > > > up to this moment, i do not know if natd and firewall_nat function in the > > same or different. > > and is there firewall_nat_flags thing too ? > > I'll try to explain, > > natd_* knobs are for natd(8), a daemon > firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel > > firewall_nat_* was added in the begenning of year in RELENG_7 > > http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2 > > The NAT configuration is done by /etc/rc.firewall, you can read this > file to know how the configuration is done. > > This is two different ways to do NAT. I can't speak about performance, > kernel vs daemon. > many thanks indeed for your clear explanations. so we simply use just one of them but not both, do not we ? once again, i appreciate all of your kind asistances in my case. with best regards, psr