From owner-freebsd-questions Wed Jan 17 13:53:16 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from rrlhcmal1001.lhc.redrivernet.com (unknown [206.162.97.155])
	by hub.freebsd.org (Postfix) with ESMTP id 50C2537B703
	for ; Wed, 17 Jan 2001 13:52:57 -0800 (PST)
Received: from [216.173.151.41] by rrlhcmal1001.redrivernet.com
	(NTMail 5.06.0016/NU7672.00.74189ec7) with ESMTP id wjzmhbaa
	for questions@freebsd.org; Wed, 17 Jan 2001 14:52:44 -0700
Message-ID: <3A661423.5A4069BF@techie.com>
Date: Wed, 17 Jan 2001 14:52:35 -0700
From: Janet Sullivan
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Marco Masotti
Cc: questions@freebsd.org
Subject: Re: ipf/ipnatd vs ipfw/natd ?
References: <1.0.2.200101171558.2943@mclink.it>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> As far as I've been concerned with ipf/ipnat and FreeBSD, when
>occasionally doing a nat gateway to an internal private network in a
>small organization, I've got the lesson not to use the ipnat feature
>when utilizing user PPP.
>
> Similarly to what recommended in the natd man page, also using
>ipf/ipnat with PPP is not well suited - Use nat enable feature built-in
>the user PPP implementation instead. Omitting to follow this indication
>will put you in a riot of strange behaviours, like being forced to
>issue ipf -y to resync (and *by hand*, not from any script I've been
>able to make) kernel filters after PPP goes up.

Er, I've used ipnat/ipf with userland ppp on FreeBSD and I've never had to do an ipf -y.

I'm using OpenBSD these days for firewalling purposes, but I seem to remember the trick to running ppp with ipf/ipnat on FreeBSD was to simply have your startup scripts start 'ppp -auto -quiet WHATEVER' _before_ ipf/ipnat were started, and just using tun0 like a normal interface in your ipf/ipnat rules.
By default I think FreeBSD used to (might still?) start ppp after ipf/ipnat, which didn't work so well - but just fire up your favorite text editor and you can fix that.