From owner-freebsd-doc@FreeBSD.ORG Sat Mar 27 09:40:18 2004
Delivered-To: freebsd-doc@hub.freebsd.org
Date: Sat, 27 Mar 2004 09:40:18 -0800 (PST)
Message-Id: <200403271740.i2RHeIb6035150@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: Marc Fonvieille
Subject: Re: docs/64807: Handbook section on NAT incomplete
Reply-To: Marc Fonvieille
List-Id: Documentation project
X-List-Received-Date: Sat, 27 Mar 2004 17:40:18 -0000

The following reply was made to PR docs/64807; it has been noted by GNATS.

From: Marc Fonvieille
To: Vlad Manilici
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: docs/64807: Handbook section on NAT incomplete
Date: Sat, 27 Mar 2004 18:38:46 +0100

On Sat, Mar 27, 2004 at 08:33:43AM -0800, Vlad Manilici wrote:
>
> >Description:
> The Handbook section on NAT:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html
> does not contain sufficient information to configure NAT on FreeBSD.
>
> More specifically:
> 1. the suggested firewall configuration ("OPEN") does not contain any
>    redirection rule. Probably, the intention was "OpenClient".
> 2. it should be mentioned that NAT does not work with stateful rules.
> 3. NAT configuration with an "open" firewall is not enough in today's
>    Internet. A set of rules that mixes NAT with filtering should be
>    explained. Combining the two raises some problems not seen in either
>    independently, and should definitely be explained.
>
> Here is a working set of rules for NAT and some meaningful packet
> filtering (of course, one could do better). The external interface
> is "xl0", and the internal one "rl0". The internal network is
> 10.0.0/24.
> [...]

You are talking about packet filtering, not only NAT; the aim of the
mentioned section is to only cover NAT (natd(8)), not the configuration
of a firewall (that is why the OPEN type was used). All examples are
done with that point of view. If someone wants to add packet filtering,
reading
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
and /etc/rc.firewall will be enough, since rc.firewall contains good
examples. (Changing the OPEN type to SIMPLE or CLIENT does the trick.)

Marc