From owner-freebsd-questions  Thu May 20 10:12:27 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from showcase.pdsys.com (showcase.pdsys.com [207.167.12.13])
	by hub.freebsd.org (Postfix) with ESMTP id 893E014D04
	for <questions@freebsd.org>; Thu, 20 May 1999 10:12:24 -0700 (PDT)
	(envelope-from jim@pdsys.com)
Received: from pdsys.com ([24.108.11.34]) by showcase.pdsys.com
          (Post.Office MTA v3.5.2 release 221 ID# 0-56457U100L100S0V35)
          with ESMTP id com for <questions@freebsd.org>;
          Thu, 20 May 1999 11:09:12 -0600
Message-ID: <374442D9.4888F2A1@pdsys.com>
Date: Thu, 20 May 1999 11:14:01 -0600
From: Jim Whitelaw <jim@pdsys.com>
Organization: Pathways Data Systems Inc.
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: questions@freebsd.org
Subject: ipfilter vs. natd vs. tcp_wrappers
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Could someone please explain what are the differences and relative advantages
and disadvantages between the various NAT/filtering methods available on
FreeBSD?

I just set up a new system and used natd and ipfw to provide subnet Internet
access for my home LAN via cable modem. No real problems with that, tweaked
the ipfw rules a bit and all seems well. Then I read about ipfilter and its
associated tools utils and also tcp_wrappers. So now I'm confused. 

I'm not quite seeing the big picture of how all theses tools fit together and
what their overlaps are. From what I read it appears that perhaps ipfilter
offers similar services but better logging options than natd/ipfw? And
tcp_wrappers appears to be used only in conjunction with services started via
inetd, is that right? Why would I want (or not want) to use any particular
method? 

TIA

-- 
=========================================================================
Jim Whitelaw                                         tel: +1.780.975.1534
jim-at-pdsys-dot-com                                 fax: +1.780.484.9239
Pathways Data Systems Inc.                          http://www.pdsys.com/
=========================================================================
"It is best to assume that the network is filled with malevolent entities
that will send packets designed to have the worst possible effect."
                                                       - F.Baker, RFC1812


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message