From: "fire jotawski"
To: fbsd1@a1poweruser.com
Cc: freebsd-questions@freebsd.org
Date: Wed, 24 Sep 2008 16:47:42 +0700
Subject: Re: nat and firewall

On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 wrote:

>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of fire jotawski
> Sent: Wednesday, September 24, 2008 12:13 PM
> To: freebsd-questions@freebsd.org
> Subject: nat and firewall
>
> hi sirs,
>
> i am confused now that what is the difference between nat and firewall_nat
> in /etc/rc file
>
> natd_enable="YES"
> firewall_nat_enable="YES"
>
> just one question per asking. there will be another more questions about
> this but for this moment only this one first.
>
> thanks in advance for any helps and hints
>
> regards,
> psr
>

sorry for top posting
first of all thanks indeed for your answers

>
>
> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
> firewall_nat_enable="YES" This is an invalid statement. No such thing as
> you have here.

i found firewall_nat_enable in /etc/rc.firewall
my machine is

%uname -a
FreeBSD makham.serveblog.net 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep 4 09:48:32 ICT 2008 root@makham.serveblog.net:/usr/obj/usr/src/sys/SITING i386
%

> FreeBSD has 3 different built-in firewalls for you to choose from: IPFW,
> Ipfilter, and PF.
> Review /etc/defaults/rc.conf for their statements.
> It would do you good to read the firewall section of the FreeBSD Handbook
> for a complete explanation of the 3 firewalls and the differences between
> them.
> In my opinion the PF firewall has the easiest to use rule set and built-in
> table functions for automated black listing attacking IP address. Its major
> weakness is it has a very poorly designed logging function that results in
> very cumbersome usage.
> IPFilter comes next. It has easy logging and rules usage. It lacks the auto
> black listing table building of PF. These two firewalls were ported to
> FreeBSD from other Unix flavored operating systems. Both have teams
> supporting and maintaining them.
> The final firewall is IPFW that is the first firewall included in FreeBSD
> many years ago and was developed by the FreeBSD team. IPFW also lacks the
> auto black listing table building of PF, and its nated rules are much
> harder to get working using all stateful rules. IPFW had a major coding
> overhaul a few years back but the inherent design flaw of how nated rules
> are handled was not touched. Grapevine says IPFW nated code is a messed up
> can of worms and no one wants to touch it.
> I have used all 3 firewalls at one time or another to learn about them. I
> found IPFilter to be the easiest to use and get logging output in standard
> format like all the other FreeBSD logs are. But you should read the
> handbook and decide for yourself what best satisfies your firewall needs.
>

thanks indeed for your answers. i will ask more questions regarding to natd
and firewall again after reading handbook.

regards,
psr
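
Added example, not part of the thread or of FreeBSD's own scripts: per rc.conf(5), natd_enable starts the userland natd(8) daemon, which ipfw feeds through divert rules, while firewall_nat_enable turns on ipfw's in-kernel NAT. The sketch below reads an rc.conf and reports which of the two knobs is set, plus the shape of ipfw rule each one needs. The function names, the interface em0 and NAT instance number 1 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify the NAT knobs in an rc.conf.

# Same truthy values rc.subr's checkyesno accepts: YES/TRUE/ON/1, any case.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# nat_mode FILE -> natd | ipfw-nat | both | none
# rc.conf is sh syntax, so it is sourced in a subshell; only point this at
# a trusted, root-owned file.
nat_mode() {
    (
        natd_enable=NO; firewall_nat_enable=NO
        . "$1" || exit 2
        n=0; k=0
        is_yes "$natd_enable" && n=1
        is_yes "$firewall_nat_enable" && k=1
        case "$n$k" in
            10) echo natd ;;
            01) echo ipfw-nat ;;
            11) echo both ;;
            *)  echo none ;;
        esac
    )
}

# nat_rules MODE IFACE -> the shape of ipfw rule each mechanism needs
nat_rules() {
    case "$1" in
        natd)     echo "ipfw add divert natd ip from any to any via $2" ;;
        ipfw-nat) echo "ipfw nat 1 config if $2"
                  echo "ipfw add nat 1 ip from any to any via $2" ;;
        both)     echo "review: userland natd and in-kernel nat both enabled" ;;
        *)        echo "no ipfw NAT configured" ;;
    esac
}

# Constructed sample rc.conf (em0 is an assumed interface name).
sample=$(mktemp)
printf '%s\n' 'firewall_enable="YES"' 'firewall_nat_enable="YES"' \
    'firewall_nat_interface="em0"' > "$sample"
mode=$(nat_mode "$sample")
echo "mode: $mode"
nat_rules "$mode" em0
rm -f "$sample"
```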