Date: Thu, 29 Aug 2002 00:43:07 -0700 (PDT)
From: gica gica <magudexter@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: general questions on nat and ipfw (vs. pf/ and ipf/ipnat)
Message-ID: <20020829074307.47784.qmail@web20301.mail.yahoo.com>

Hello!

Even though I use FreeBSD on almost every machine in the LAN, the gateways are OpenBSD. Of course, there are some advantages to this, but the main reason for this is their firewall/NAT tool, i.e. PF. To ease maintenance and in the hope of achieving better results, I decided to switch them also to FreeBSD. Still, even though ipfw has about the same qualities as its pf firewall counterpart, natd looks to me like a poor choice.

I have searched the net in order to find some benchmarks on these firewalls, but I found some only on ipf and pf. Assuming that they have about the same ratio, I want to ask you guys about natd and ipfw.

I am not sure about the ipfw stateful implementation. As far as I know, stateful rules are something "new" to ipfw (actually not so new - since 4.0, I recall) and they don't quite fit into the old natd architecture. Plus, a kernel option to do the NAT is more performant and secure than having a process (like natd) to do that.

The ipf/ipnat package is a possibility, but I choose ipfw because it has the rules (pipes) to allow/deny traffic to users/hosts. Still, I rely heavily on NAT and I want to make sure that natd is a good choice.

Thank you,
Costin