Date: Fri, 3 Oct 2008 13:28:07 +0200
From: "Dominique Goncalves" <dominique.goncalves@gmail.com>
To: "fire jotawski" <jotawski@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: nat and firewall
Message-ID: <7daacbbe0810030428g12fd721bw6dcc822f0705b16d@mail.gmail.com>
In-Reply-To: <c583719d0810022024i165d2784ra0c9b91d5a135635@mail.gmail.com>
References: <NBECLJEKGLBKHHFFANMBOEBFCLAA.fbsd1@a1poweruser.com> <48DA7491.8030002@daleco.biz> <c583719d0810012109i2b9f4a01u12b5bf26bbfd8508@mail.gmail.com> <7daacbbe0810020539h530c6306o5f19abf35a68c6ad@mail.gmail.com> <c583719d0810022024i165d2784ra0c9b91d5a135635@mail.gmail.com>

On Fri, Oct 3, 2008 at 5:24 AM, fire jotawski <jotawski@gmail.com> wrote:
>
> On Thu, Oct 2, 2008 at 7:39 PM, Dominique Goncalves
> <dominique.goncalves@gmail.com> wrote:
>>
>> Hi,
>>
>> On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski <jotawski@gmail.com> wrote:
>> > On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey <kdk@daleco.biz> wrote:
>> >
>> >> FBSD1 wrote:
>> >>
>> >>> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
>> >>> firewall_nat_enable="YES" This is an invalid statement. No such thing
>> >>> as you have here.
>> >>
>> >> This is no longer true; he did indeed find "firewall_nat_enable"
>> >> in /etc/defaults/rc.conf. The knob seems to have first appeared
>> >> in February in HEAD and I'm guessing it cues the system to use a
>> >> new kernel-based nat rather than natd(8), but I've not read anything
>> >> further about this, as my system isn't as up to date as the OP's.
>> >> I don't know when this change was MFC'ed, but apparently fairly
>> >> recently?
>> >>
>> >> I suppose we need someone a tad more "in the know" to straighten
>> >> that out for us.
>> >
>> > up to this moment, i do not know if natd and firewall_nat function in
>> > the same or different.
>> > and is there firewall_nat_flags thing too ?
>>
>> I'll try to explain,
>>
>> natd_* knobs are for natd(8), a daemon
>> firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel
>>
>> firewall_nat_* was added in the beginning of year in RELENG_7
>>
>> http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2
>>
>> The NAT configuration is done by /etc/rc.firewall, you can read this
>> file to know how the configuration is done.
>>
>> This is two different ways to do NAT. I can't speak about performance,
>> kernel vs daemon.
>
> many thanks indeed for your clear explanations.
> so we simply use just one of them but not both, do not we ?

Yes.

> once again, i appreciate all of your kind assistances in my case.
>
> with best regards,
> psr

Regards.

--
There's this old saying: "Give a man a fish, feed him for a day. Teach
a man to fish, feed him for life."
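
Added example, not part of the original message: a small sh check that reads an rc.conf-style file and reports whether natd(8), kernel NAT via ipfw(8), both, or neither is enabled, since the thread concludes that only one of the two should be used. The function names, the sample file and the interface name em0 are constructed for illustration; treating both knobs with checkyesno-style truth values is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): report which NAT mechanism an
# rc.conf-style file enables, so that "both" can be caught before boot.

# Print the last value assigned to knob $1 in file $2; the last assignment
# wins, as it does when the file is read. Quotes and comments are stripped.
knob_value() {
    awk -v k="$1" '
        { sub(/^[ \t]+/, "") }
        index($0, k "=") == 1 {
            val = substr($0, length(k) + 2)
            sub(/[ \t]*#.*$/, "", val)
        }
        END { print val }
    ' "$2" | tr -d "\"'"
}

# Truth values as accepted by rc.subr's checkyesno (assumed for both knobs).
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one of: natd, kernel, both, none.
nat_mode() {
    natd=no; kern=no
    if is_yes "$(knob_value natd_enable "$1")"; then natd=yes; fi
    if is_yes "$(knob_value firewall_nat_enable "$1")"; then kern=yes; fi
    case "$natd/$kern" in
        yes/yes) echo both ;;
        yes/no)  echo natd ;;
        no/yes)  echo kernel ;;
        *)       echo none ;;
    esac
}

# Constructed sample: kernel NAT was turned on, the natd(8) knob was left on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
natd_enable="YES"          # left over from the old setup
natd_interface="em0"
firewall_nat_enable="YES"
firewall_nat_interface="em0"
EOF
echo "NAT mode: $(nat_mode "$sample")"
rm -f "$sample"
```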