Date: Tue, 25 Sep 2007 00:57:42 +0200 From: Christer Hermansson <mail@chdevelopment.se> To: Randy Bush <randy@psg.com> Cc: freebsd-net@freebsd.org Subject: Re: nat and ipfw - divert or builtin Message-ID: <46F840E6.4050007@chdevelopment.se> In-Reply-To: <46F8189B.900@psg.com> References: <46F5FF0A.7030203@psg.com> <46F68B1C.6020303@chdevelopment.se> <46F8189B.900@psg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Randy Bush wrote: >> divert >> ipnat >> ipfw's integrated nat >> >> I believe the integrated version makes configuration simpler. I would >> choose the old classic divert with ipfw if it is for a important network >> that must work, but if I was running -current I would try the integrated >> variant beacuse it seems to be simpler to use. >> > > you seem to imply that you have reason to suspect that ipfw integrated > nat might not be reliable, or at least not as reliable as divert+natd. > any particular experiences or gossip to tell? > > No, like I said I only have experience with divert, but in my opinion it's best to not use the latest software for things that *must* work and the integrated nat is a new thing and only available for -current. However it's based on something that been around for a while, libalias, so I guess it's stable. I'm planning on trying to use ipnat with ipfw on freebsd 6.2 because I think that's simpler than divert and has been around for a while. But again if I was running a system based on -current I would go for the integrated variant. -- Christer Hermansson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46F840E6.4050007>