Date:      Mon, 13 Dec 2004 20:26:18 -0600
From:      Jay Moore <jaymo@cromagnon.cullmail.com>
To:        freebsd-questions@freebsd.org
Cc:        Louis LeBlanc <FreeBSD@keyslapper.org>
Subject:   Re: just a couple quick pf/nat questions
Message-ID:  <200412132026.18699.jaymo@cromagnon.cullmail.com>
In-Reply-To: <20041213203548.GC69026@keyslapper.org>
References:  <20041213203548.GC69026@keyslapper.org>

On Monday 13 December 2004 02:35 pm, Louis LeBlanc wrote:
>
> Still, I'm planning to migrate to pf, since it's "supposed" to be
> better.  It seems (from my murky understanding) like it would make
> tricky NAT stuff easier, so there would be some benefits (battle.net,
> here I come :).
>
> Problem is, it seems like there's a whole new logical approach with pf,
> and I can't figure out if pf does the NAT itself or if you still need
> the nat_enable etc.

No - the NAT config is included in pf.conf.
 
> Also, with ipfw, I just ran a script that grabbed the current dynamic IP
> and used it when the script was run.  How does pf handle dynamic IPs?
> If I'm understanding the pf manual at OpenBSD.org, it will simply take
> the network interface and apply any IP assigned to a given rule.  Am I
> right?

You are correct.
 
> Has anyone else gotten pf running to their satisfaction on 5.3?

Haven't tried that yet, but I will soon. I've been using it for quite a while
on OpenBSD boxes & it is pretty much wonderful (except it won't pass a Cisco
VPN connection through the firewall).
 
> And are there any pf config generation pages out there yet?

You may want to read the pf User's Guide at:

http://www.openbsd.org/faq/pf/index.html

It's got loads of info, and isn't a difficult read. Also, there is a sample
config file for a SOHO included. If you Google for pf.conf, you'll turn up
butt-loads of others.
 
> I also noticed that all the sample scripts I've looked at seem to
> specify ports with either an explicit port number or a macro defined
> right in the config.  I take it pf doesn't use the service tags from
> /etc/services?

Correct-isimo - you're catching on :)

Jay
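A minimal pf.conf sketch of the points made in this reply (the NAT rule lives in pf.conf itself, a dynamic address is handled by naming the interface in parentheses, and ports are written as numbers or macros). This is an added example, not configuration from the thread or from the pf User's Guide; the interface names, the internal network and the chosen ports are assumed.

```pf
# --- macros (interface names and addresses are assumptions for this example)
ext_if  = "fxp0"            # interface with the dynamic, ISP-assigned address
int_if  = "xl0"             # LAN side
int_net = "192.168.1.0/24"
# ports are given as numbers or macros rather than names from /etc/services
tcp_services = "{ 22, 80 }"

# --- normalisation
scrub in all

# --- translation: NAT is configured here, no separate natd/nat_enable needed.
# The parentheses around $ext_if make pf look up the interface's current
# address at match time, so the rule keeps working when the dynamic IP changes.
nat on $ext_if from $int_net to any -> ($ext_if)

# --- filtering: default deny inbound, allow LAN out, allow selected services in
block in all
pass out keep state
pass in on $int_if from $int_net to any keep state
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA keep state
```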