Date: Wed, 17 Jan 2001 14:52:35 -0700
From: Janet Sullivan <eliyanah@techie.com>
To: Marco Masotti <masotti@mclink.it>
Cc: questions@freebsd.org
Subject: Re: ipf/ipnatd vs ipfw/natd ?
Message-ID: <3A661423.5A4069BF@techie.com>
References: <1.0.2.200101171558.2943@mclink.it>

> As far as I've been concerned with ipf/ipnat and FreeBSD, when
>occasionally doing a nat gateway to an internal private network in a
>small organization, I've got the lesson not to use the ipnat feature
>when utilizing user PPP.
>
> Similarly to what recommended in the natd man page, also using
>ipf/ipnat with PPP is not well suited - Use nat enable feature built-in
>the user PPP implementation instead. Omitting to follow this indication
>will put you in a riot of strange behaviours, like being forced to
>issue ipf -y to resync (and *by hand*, not from any script I've been
>able to make) kernel filters after PPP goes up.

Er, I've used ipnat/ipf with userland ppp on FreeBSD and I've never had
to do an ipf -y. I'm using OpenBSD these days for firewalling purposes,
but I seem to remember the trick to running ppp with ipf/ipnat on
FreeBSD was to simply have your startup scripts start
'ppp -auto -quiet WHATEVER' _before_ ipf/ipnat were started, and just
using tun0 like a normal interface in your ipf/ipnat rules. By default
I think FreeBSD used to (might still?) start ppp after ipf/ipnat, which
didn't work so well - but just fire up your favorite text editor and
you can fix that.