From owner-freebsd-net Tue Aug 1 1: 8:57 2000
Delivered-To: freebsd-net@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
    by hub.freebsd.org (Postfix) with ESMTP id 6CE2F37BE60
    for ; Tue, 1 Aug 2000 01:08:51 -0700 (PDT)
    (envelope-from nbm@sunesi.net)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
    id 13JX6D-0002xD-00; Tue, 01 Aug 2000 10:08:29 +0200
Date: Tue, 1 Aug 2000 10:08:29 +0200
From: Neil Blakey-Milner
To: Stephen Montgomery-Smith , Gregory Bond , net@FreeBSD.org
Subject: Re: conf/20197: rc.firewall with firewall_type=simple doesn't work with natd
Message-ID: <20000801100829.A11304@mithrandr.moria.org>
References: <200007262240.PAA88875@freefall.freebsd.org> <20000731190439.A75240@sunbay.com> <20000731194233.A4370@mithrandr.moria.org> <20000801102004.A753@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <20000801102004.A753@sunbay.com>; from ru@sunbay.com on Tue, Aug 01, 2000 at 10:20:04AM +0300
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue 2000-08-01 (10:20), Ruslan Ermilov wrote:

> > I had something reasonably similar that I was going to suggest for
> > people who use custom rulesets and want natd_enable, but not for a
> > divert line to be added automatically (I use it on my little NAT
> > router). This means one less "customization" of rc scripts for me at
> > least (:
> >
> I am afraid I do not understand what do you mean here.
> Could you please explain it to me a bit more?
>
> The nat() function installs `divert' rule where appropriate only
> when both `natd_enable' and `natd_interface' are set in rc.conf.

Only if it is called - if you're using a custom firewall set, you don't call it.
You may want your divert rule later in your firewall rules, for
whatever reason - it may only apply on certain IPs, ports, or whatever.

I've had to comment it out to prevent it from doing something I don't
want.

Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org