Date:      Fri, 3 Oct 2008 10:24:42 +0700
From:      "fire jotawski" <jotawski@gmail.com>
To:        "Dominique Goncalves" <dominique.goncalves@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: nat and firewall
Message-ID:  <c583719d0810022024i165d2784ra0c9b91d5a135635@mail.gmail.com>
In-Reply-To: <7daacbbe0810020539h530c6306o5f19abf35a68c6ad@mail.gmail.com>
References:  <NBECLJEKGLBKHHFFANMBOEBFCLAA.fbsd1@a1poweruser.com> <48DA7491.8030002@daleco.biz> <c583719d0810012109i2b9f4a01u12b5bf26bbfd8508@mail.gmail.com> <7daacbbe0810020539h530c6306o5f19abf35a68c6ad@mail.gmail.com>

On Thu, Oct 2, 2008 at 7:39 PM, Dominique Goncalves <dominique.goncalves@gmail.com> wrote:

> Hi,
>
> On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski <jotawski@gmail.com> wrote:
> > On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey <kdk@daleco.biz> wrote:
> >
> >> FBSD1 wrote:
> >>
> >>>
> >>> natd_enable="YES"  This statement in rc.conf enables ipfw nated function.
> >>> firewall_nat_enable="YES"  This is an invalid statement. No such thing as
> >>> you have here.
> >>>
> >>
> >> This is no longer true; he did indeed find "firewall_nat_enable"
> >> in /etc/defaults/rc.conf.  The knob seems to have first appeared
> >> in February in HEAD and I'm guessing it cues the system to use a
> >> new kernel-based nat rather than natd(8), but I've not read anything
> >> further about this, as my system isn't as up to date as the OP's.
> >> I don't know when this change was MFC'ed, but apparently fairly
> >> recently?
> >>
> >> I suppose we need someone a tad more "in the know" to straighten
> >> that out for us.
> >>
> >
> > Up to this moment, I do not know if natd and firewall_nat function the
> > same or differently.
> > And is there a firewall_nat_flags thing too?
>
> I'll try to explain,
>
> natd_* knobs are for natd(8), a daemon
> firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel
>
> firewall_nat_* was added at the beginning of the year in RELENG_7
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2
>
> The NAT configuration is done by /etc/rc.firewall, you can read this
> file to know how the configuration is done.
>
> These are two different ways to do NAT. I can't speak about performance,
> kernel vs daemon.
>

Many thanks indeed for your clear explanations.
So we simply use just one of them but not both, don't we?

Once again, I appreciate all of your kind assistance in my case.

with best regards,
psr


