Date: Tue, 1 Aug 2000 10:08:29 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Stephen Montgomery-Smith <stephen@math.missouri.edu>, Gregory Bond <gnb@itga.com.au>, net@FreeBSD.org
Subject: Re: conf/20197: rc.firewall with firewall_type=simple doesn't work with natd
Message-ID: <20000801100829.A11304@mithrandr.moria.org>
In-Reply-To: <20000801102004.A753@sunbay.com>; from ru@sunbay.com on Tue, Aug 01, 2000 at 10:20:04AM +0300
References: <200007262240.PAA88875@freefall.freebsd.org> <20000731190439.A75240@sunbay.com> <20000731194233.A4370@mithrandr.moria.org> <20000801102004.A753@sunbay.com>

On Tue 2000-08-01 (10:20), Ruslan Ermilov wrote:
> > I had something reasonably similar that I was going to suggest for
> > people who use custom rulesets and want natd_enable, but not for a
> > divert line to be added automatically (I use it on my little NAT
> > router). This means one less "customization" of rc scripts for me at
> > least (:
> >
> I am afraid I do not understand what you mean here.
> Could you please explain it to me a bit more?
>
> The nat() function installs `divert' rule where appropriate only
> when both `natd_enable' and `natd_interface' are set in rc.conf.

Only if it is called - if you're using a custom firewall set, you don't
call it. You may want your divert rule later in your firewall rules,
for whatever reason - it may only apply on certain IPs, ports, or
whatever. I've had to comment it out to prevent it from doing something
I don't want.

Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message