Date: Thu, 2 Oct 2008 14:39:24 +0200 From: "Dominique Goncalves" <dominique.goncalves@gmail.com> To: "fire jotawski" <jotawski@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: nat and firewall Message-ID: <7daacbbe0810020539h530c6306o5f19abf35a68c6ad@mail.gmail.com> In-Reply-To: <c583719d0810012109i2b9f4a01u12b5bf26bbfd8508@mail.gmail.com> References: <NBECLJEKGLBKHHFFANMBOEBFCLAA.fbsd1@a1poweruser.com> <48DA7491.8030002@daleco.biz> <c583719d0810012109i2b9f4a01u12b5bf26bbfd8508@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski <jotawski@gmail.com> wrote: > On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey <kdk@daleco.biz> wrote: > >> FBSD1 wrote: >> >>> >>> natd_enable="YES" This statement in rc.conf enables ipfw nated function. >>> firewall_nat_enable="YES" This is an invalid statement. No such thing as >>> you have here. >>> >> >> This is no longer true; he did indeed find "firewall_nat_enable" >> in /etc/defaults/rc.conf. The knob seems to have first appeared >> in February in HEAD and I'm guessing it cues the system to use a >> new kernel-based nat rather than natd(8), but I've not read anything >> further about this, as my system isn't as up to date as the OP's. >> I don't know when this change was MFC'ed, but apparently fairly >> recently? >> >> I suppose we need someone a tad more "in the know" to straighten >> that out for us. >> > > up to this moment, i do not know if natd and firewall_nat function in the > same or different. > and is there firewall_nat_flags thing too ? I'll try to explain, natd_* knobs are for natd(8), a daemon firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel firewall_nat_* was added in the begenning of year in RELENG_7 http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2 The NAT configuration is done by /etc/rc.firewall, you can read this file to know how the configuration is done. This is two different ways to do NAT. I can't speak about performance, kernel vs daemon. Hope this helps. > thanks in advanced for any helps and hints. > regards, > psr > > >> >> Kevin Kinsey >> -- >> A wise man can see more from a mountain top >> than a fool can from the bottom of a well. >> > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Regards. -- There's this old saying: "Give a man a fish, feed him for a day. Teach a man to fish, feed him for life."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7daacbbe0810020539h530c6306o5f19abf35a68c6ad>