Date: Sun, 27 Jan 2002 13:17:17 -0500
From: "Matthew Emmerton" <matt@gsicomp.on.ca>
To: "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
Cc: "BSD NET-List" <freebsd-net@FreeBSD.ORG>
Subject: Re: natd restart
Message-ID: <002001c1a75e$dca52760$1200a8c0@gsicomp.on.ca>
References: <Pine.BSF.4.21.0201270011300.6340-100000@cody.jharris.com> <003c01c1a701$da5209e0$1200a8c0@gsicomp.on.ca> <20020127101854.B267@idefix.local> <5.1.0.14.0.20020127163105.01e35eb0@mail.drwilco.net>
> (order of quoted mail slightly altered)
>
> >I'm looking at making natd into a kernel option ("options IPNAT") and using
> >a combination of sysctls and a front-end program to manage how nat operates,
> >much like "options IPFIREWALL" and ipfw works today.

I've been told that 'options IPFILTER' with ipf(8) and ipnat(8) does NAT in
the kernel, whereas 'options IPDIVERT' and ipfw(8) and natd(8) is a userland
solution.

> I've been kicking around the idea of making it a netgraph node. And I know
> several other people have too.

This is probably the easiest starting point.

> libalias is very nice, natd to me has a hackey feeling to it. Try setting
> up a firewall that nats and uses dynamic rules.... I haven't been able to,
> have had to rely on natd to do my state checking, resulting in ipfw rule
> lists that are not easily read by the layman. So maybe that's another
> reason to re-evaluate our current NAT solution.

See the alternatives above. Perhaps ipf might handle dynamic rules better?
(I don't know, since I've used ipfw since I started using FreeBSD.)

> Would it be hard to keep using libalias? I know we can't just link against
> userland libraries in kernel land, but would there be much difficulty in
> making use of the exact same code? Because the beauty of having libalias is
> of course the -nat switch on ppp for instance....

It would be nice to keep libalias functionality, since it is a very easy
interface to use.

> Does anything but ppp and natd use libalias?

A quick check of the sources says no.

--
Matt Emmerton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message