Date: Mon, 08 Feb 2010 16:14:49 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Warren Block <wblock@wonkity.com> Cc: John <john@starfire.mn.org>, freebsd-questions@freebsd.org Subject: Re: Can loader.conf give you NATD support? Message-ID: <4B703879.2030801@infracaninophile.co.uk> In-Reply-To: <alpine.BSF.2.00.1002080827190.77390@wonkity.com> References: <20100208075855.A20993@starfire.mn.org> <alpine.BSF.2.00.1002080827190.77390@wonkity.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/02/2010 15:39, Warren Block wrote:
> On Mon, 8 Feb 2010, John wrote:
>
>> The natd man page says it is still necessary to create a customer
>> kernl with
>>
>> options IPFIREWALL
>> options IPDIVERT
>>
>> Is that still true, or can it be accomplished vi a loader.conf?
>
> It's a kernel option, so you probably can't do it at runtime.
It's a loadable module (ipfw_nat.ko) nowadays, so you probably can do it
at runtime...
> Consider using pf instead of ipfw. pf does NAT without needing natd or
> those kernel options.
Heartily seconded. pf and ipfw fulfil the same sort of function, but
to my mind, pf wins hands down simply by having a much more usable
control interface and configuration syntax. Not to mention the
advanced pf features like ftp-proxy, HA configuration, relayd and a
bunch more.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktwOHkACgkQ8Mjk52CukIwuuwCeJwUl0RH1nSqIfYZimP7sO1hW
ZZMAnjP1ZXWZVVZsPQA4YEFPtXHMWs1c
=r3ny
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B703879.2030801>