Date: Sat, 6 Sep 2014 03:15:31 +0000 (UTC)
From: John Case <case@SDF.ORG>
To: freebsd-net@freebsd.org
Subject: When to use and not use divert/natd ...
Message-ID: <Pine.NEB.4.64.1409060308140.2500@faeroes.freeshell.org>
Hello,

For many years I would build FreeBSD firewalls and they would be very, very simple - I just set gateway_enable="yes" in rc.conf and everything just worked.

However, these firewalls *always* had real, routable IPs on both sides. Both interfaces had real, routable IPs.

Now I have a firewall that has two non-routable IPs for its interfaces, and is connected to an internet router with the real IP.

When I try to build a very simple firewall it does not work, and I am forced to use ipdivert and natd. If I use ipdivert and natd, it works just fine.

So, am I correct that I can create a simple gateway without natd/divert as long as both interfaces are real IPs, but if both interfaces are non-routable IPs, I am forced to use divert/natd? Is that correct?