From: "Dominique Goncalves"
To: "fire jotawski"
Date: Thu, 2 Oct 2008 14:39:24 +0200
Message-ID: <7daacbbe0810020539h530c6306o5f19abf35a68c6ad@mail.gmail.com>
References: <48DA7491.8030002@daleco.biz>
Cc: freebsd-questions@freebsd.org
Subject: Re: nat and firewall

Hi,

On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski wrote:
> On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey wrote:
>
>> FBSD1 wrote:
>>
>>>
>>> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
>>> firewall_nat_enable="YES" This is an invalid statement. No such thing as
>>> you have here.
>>>
>>
>> This is no longer true; he did indeed find "firewall_nat_enable"
>> in /etc/defaults/rc.conf. The knob seems to have first appeared
>> in February in HEAD and I'm guessing it cues the system to use a
>> new kernel-based nat rather than natd(8), but I've not read anything
>> further about this, as my system isn't as up to date as the OP's.
>> I don't know when this change was MFC'ed, but apparently fairly
>> recently?
>>
>> I suppose we need someone a tad more "in the know" to straighten
>> that out for us.
>>
>
> up to this moment, i do not know if natd and firewall_nat function in the
> same or different.
> and is there firewall_nat_flags thing too ?

I'll try to explain,

natd_* knobs are for natd(8), a daemon
firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel

firewall_nat_* was added at the beginning of the year in RELENG_7
http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2

The NAT configuration is done by /etc/rc.firewall, you can read this
file to know how the configuration is done.

These are two different ways to do NAT. I can't speak about performance,
kernel vs daemon.

Hope this helps.

> thanks in advance for any help and hints.
> regards,
> psr
>
>>
>> Kevin Kinsey
>> --
>> A wise man can see more from a mountain top
>> than a fool can from the bottom of a well.
>>

Regards.

-- 
There's this old saying: "Give a man a fish, feed him for a day. Teach
a man to fish, feed him for life."
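
As an added example (not part of the original message or of FreeBSD's rc scripts): a small sh script that reads an rc.conf-style file and reports which of the two NAT mechanisms described above it enables, natd(8) or the kernel NAT in ipfw(8). The function names, the sample file and the em0 interface are constructed, and treating only YES (any case) as enabled is an assumption.

```shell
#!/bin/sh
# Added example: report which NAT mechanism an rc.conf-style file selects.
# Knob names come from the thread (natd_*, firewall_nat_*); everything else
# here (function names, sample file, em0) is constructed for illustration.

# Print the value of the last assignment to knob $2 in file $1.
# rc.conf is read as shell, so a later assignment overrides an earlier one.
# The file is parsed with sed, not sourced, so nothing in it is executed.
rc_knob() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Assumption: only YES (any case) counts as enabled.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print natd, ipfw_nat, both or none for the rc.conf-style file $1.
nat_mode() {
    natd=$(rc_knob "$1" natd_enable)
    knat=$(rc_knob "$1" firewall_nat_enable)
    if is_yes "$natd" && is_yes "$knat"; then echo both
    elif is_yes "$natd"; then echo natd
    elif is_yes "$knat"; then echo ipfw_nat
    else echo none
    fi
}

# Constructed sample: natd is enabled, then switched off by a later line,
# leaving the kernel NAT as the only mechanism in effect.
sample=$(mktemp /tmp/rcconf.XXXXXX)
cat > "$sample" <<'EOF'
firewall_enable="YES"
natd_enable="YES"
natd_interface="em0"
firewall_nat_enable="YES"
firewall_nat_interface="em0"
natd_enable="NO"   # later assignment wins
EOF
echo "sample selects: $(nat_mode "$sample")"
```

A result of "both" points at a file that turns on the daemon and the kernel NAT at the same time, which is worth checking against /etc/rc.firewall before the rules are loaded.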