Date: Mon, 13 Dec 2004 15:35:49 -0500
From: Louis LeBlanc <FreeBSD@keyslapper.org>
To: FreeBSD Questions <freebsd-questions@FreeBSD.org>
Subject: just a couple quick pf/nat questions
Message-ID: <20041213203548.GC69026@keyslapper.org>

Ok, I'm slowly coming out of the fog here, but it looks like I might still have a way to go.

I finally found the part in the handbook that said I didn't have to compile in the IPFW* and IPDIVERT configs into the kernel *UNLESS* I wanted NAT. Well, I do, but I didn't compile the kernel with IPFIREWALL et al.

Still, I'm planning to migrate to pf, since it's "supposed" to be better. It seems (from my murky understanding) like it would make tricky NAT stuff easier, so there would be some benefits (battle.net, here I come :).

Problem is, it seems like there's a whole new logical approach with pf, and I can't figure out if pf does the NAT itself or if you still need the nat_enable etc.

Also, with ipfw, I just ran a script that grabbed the current dynamic IP and used it when the script was run. How does pf handle dynamic IPs? If I'm understanding the pf manual at OpenBSD.org, it will simply take the network interface and apply any IP assigned to a given rule. Am I right?

Has anyone else gotten pf running to their satisfaction on 5.3? And are there any pf config generation pages out there yet?

I also noticed that all the sample scripts I've looked at seem to specify ports with either an explicit port number or a macro defined right in the config. I take it pf doesn't use the service tags from /etc/services?

Thanks all.

Lou
--
Louis LeBlanc FreeBSD@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
Van Roy's Truism:
Life is a whole series of circumstances beyond your control.