From: Christer Hermansson
Date: Tue, 25 Sep 2007 00:57:42 +0200
To: Randy Bush
Cc: freebsd-net@freebsd.org
Subject: Re: nat and ipfw - divert or builtin

Randy Bush wrote:
>> divert
>> ipnat
>> ipfw's integrated nat
>>
>> I believe the integrated version makes configuration simpler. I would
>> choose the old classic divert with ipfw if it is for an important network
>> that must work, but if I was running -current I would try the integrated
>> variant because it seems to be simpler to use.
>>
>
> you seem to imply that you have reason to suspect that ipfw integrated
> nat might not be reliable, or at least not as reliable as divert+natd.
> any particular experiences or gossip to tell?
>

No, like I said I only have experience with divert, but in my opinion
it's best to not use the latest software for things that *must* work and
the integrated nat is a new thing and only available for -current.
However it's based on something that has been around for a while, libalias,
so I guess it's stable. I'm planning on trying to use ipnat with ipfw on
FreeBSD 6.2 because I think that's simpler than divert and has been
around for a while. But again if I was running a system based on
-current I would go for the integrated variant.

--
Christer Hermansson