From owner-freebsd-questions@FreeBSD.ORG  Mon Feb  8 16:14:55 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B9A7A106568B
	for <freebsd-questions@freebsd.org>;
	Mon,  8 Feb 2010 16:14:55 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1::1])
	by mx1.freebsd.org (Postfix) with ESMTP id 463968FC08
	for <freebsd-questions@freebsd.org>;
	Mon,  8 Feb 2010 16:14:55 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id
	o18GEnwo034321
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Mon, 8 Feb 2010 16:14:50 GMT
	(envelope-from m.seaman@infracaninophile.co.uk)
X-DKIM: Sendmail DKIM Filter v2.8.3 smtp.infracaninophile.co.uk o18GEnwo034321
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=infracaninophile.co.uk; s=201001-infracaninophile; t=1265645690;
	bh=xlQd3f+A5A3OgqR1WE7GZGCzN6SvUJGYlbNGqsxqKZQ=;
	h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References:
	In-Reply-To:Content-Type:Content-Transfer-Encoding:Cc:Content-Type:
	Date:From:In-Reply-To:Message-ID:Mime-Version:References:To;
	z=Message-ID:=20<4B703879.2030801@infracaninophile.co.uk>|Date:=20M
	on,=2008=20Feb=202010=2016:14:49=20+0000|From:=20Matthew=20Seaman=
	20<m.seaman@infracaninophile.co.uk>|Organization:=20Infracaninophi
	le|User-Agent:=20Mozilla/5.0=20(Macintosh=3B=20U=3B=20Intel=20Mac=
	20OS=20X=2010.6=3B=20en-GB=3B=20rv:1.9.1.7)=20Gecko/20100111=20Thu
	nderbird/3.0.1|MIME-Version:=201.0|To:=20Warren=20Block=20<wblock@
	wonkity.com>|CC:=20John=20<john@starfire.mn.org>,=20freebsd-questi
	ons@freebsd.org|Subject:=20Re:=20Can=20loader.conf=20give=20you=20
	NATD=20support?|References:=20<20100208075855.A20993@starfire.mn.o
	rg>=20<alpine.BSF.2.00.1002080827190.77390@wonkity.com>|In-Reply-T
	o:=20<alpine.BSF.2.00.1002080827190.77390@wonkity.com>|X-Enigmail-
	Version:=201.0|Content-Type:=20text/plain=3B=20charset=3DUTF-8|Con
	tent-Transfer-Encoding:=207bit;
	b=P8bv/Uiyl5sedqyZkNYmlFk9MMd8hp6fxhbUNEp4FdLROGCOK17d81eXBmYCElT8I
	zzKmS3qS47JOus02070DSrIdkV6ha2n7lUTxRENDYxkAktS7B+h3pnxkMYsK3mPtvW
	f3QWhtmOsFpKQjCAgdBMkJAhIeP9rcHTGoI25Tn0=
Message-ID: <4B703879.2030801@infracaninophile.co.uk>
Date: Mon, 08 Feb 2010 16:14:49 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB;
	rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: Warren Block <wblock@wonkity.com>
References: <20100208075855.A20993@starfire.mn.org>
	<alpine.BSF.2.00.1002080827190.77390@wonkity.com>
In-Reply-To: <alpine.BSF.2.00.1002080827190.77390@wonkity.com>
X-Enigmail-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.95.3 at
	happy-idiot-talk.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,
	DKIM_VERIFIED,SPF_FAIL autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	happy-idiot-talk.infracaninophile.co.uk
Cc: John <john@starfire.mn.org>, freebsd-questions@freebsd.org
Subject: Re: Can loader.conf give you NATD support?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2010 16:14:55 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/02/2010 15:39, Warren Block wrote:
> On Mon, 8 Feb 2010, John wrote:
> 
>> The natd man page says it is still necessary to create a customer
>> kernl with
>>
>> options IPFIREWALL
>> options IPDIVERT
>>
>> Is that still true, or can it be accomplished vi a loader.conf?
> 
> It's a kernel option, so you probably can't do it at runtime.

It's a loadable module (ipfw_nat.ko) nowadays, so you probably can do it
at runtime...

> Consider using pf instead of ipfw.  pf does NAT without needing natd or
> those kernel options.

Heartily seconded.  pf and ipfw fulfil the same sort of function, but
to my mind, pf wins hands down simply by having a much more usable
control interface and configuration syntax.  Not to mention the
advanced pf features like ftp-proxy, HA configuration, relayd and a
bunch more.

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktwOHkACgkQ8Mjk52CukIwuuwCeJwUl0RH1nSqIfYZimP7sO1hW
ZZMAnjP1ZXWZVVZsPQA4YEFPtXHMWs1c
=r3ny
-----END PGP SIGNATURE-----