From: Louis LeBlanc
To: FreeBSD Questions
Date: Mon, 13 Dec 2004 15:35:49 -0500
Subject: just a couple quick pf/nat questions
Message-ID: <20041213203548.GC69026@keyslapper.org>

Ok, I'm slowly coming out of the fog here, but it looks like I might still have a way to go.

I finally found the part in the handbook that said I didn't have to compile in the IPFW* and IPDIVERT configs into the kernel *UNLESS* I wanted NAT. Well, I do, but I didn't compile the kernel with IPFIREWALL et al.

Still, I'm planning to migrate to pf, since it's "supposed" to be better. It seems (from my murky understanding) like it would make tricky NAT stuff easier, so there would be some benefits (battle.net, here I come :).

Problem is, it seems like there's a whole new logical approach with pf, and I can't figure out if pf does the NAT itself or if you still need the nat_enable etc.

Also, with ipfw, I just ran a script that grabbed the current dynamic IP and used it when the script was run. How does pf handle dynamic IPs? If I'm understanding the pf manual at OpenBSD.org, it will simply take the network interface and apply any IP assigned to a given rule. Am I right?

Has anyone else gotten pf running to their satisfaction on 5.3? And are there any pf config generation pages out there yet?

I also noticed that all the sample scripts I've looked at seem to specify ports with either an explicit port number or a macro defined right in the config. I take it pf doesn't use the service tags from /etc/services?

Thanks all.

Lou
-- 
Louis LeBlanc               FreeBSD@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Van Roy's Truism:
  Life is a whole series of circumstances beyond your control.