Message-ID: <48DA7491.8030002@daleco.biz>
Date: Wed, 24 Sep 2008 12:10:41 -0500
From: Kevin Kinsey
To: fbsd1@a1poweruser.com
Cc: freebsd-questions@freebsd.org, fire jotawski
Subject: Re: nat and firewall

FBSD1 wrote:
>
> natd_enable="YES"           This statement in rc.conf enables ipfw nated function.
> firewall_nat_enable="YES"   This is an invalid statement. No such thing as
> you have here.

This is no longer true; he did indeed find "firewall_nat_enable" in /etc/defaults/rc.conf. The knob seems to have first appeared in February in HEAD and I'm guessing it cues the system to use a new kernel-based nat rather than natd(8), but I've not read anything further about this, as my system isn't as up to date as the OP's.

I don't know when this change was MFC'ed, but apparently fairly recently? I suppose we need someone a tad more "in the know" to straighten that out for us.

Kevin Kinsey
--
A wise man can see more from a mountain top than a fool can from the bottom of a well.