Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 23 Sep 2007 17:49:48 +0200
From:      Christer Hermansson <mail@chdevelopment.se>
To:        freebsd-net@freebsd.org
Cc:        randy@psg.com
Subject:   Re: nat and ipfw - divert or builtin
Message-ID:  <46F68B1C.6020303@chdevelopment.se>
In-Reply-To: <46F5FF0A.7030203@psg.com>
References:  <46F5FF0A.7030203@psg.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Randy Bush wrote:
> freebsd-current i386 / soekris
>
> i used to use ipfw to divert to natd.  so, when i went to configure a
> new nat box nat box today, i was 82.3% there when i hit a bunch of nat
> stuff in ipfw that i do not remember seeing before.  it appears that
> ipfw will nat all on its own without natd and divert.
>
> what's the trade-off?  which should i use?
>   
I only have experience with ipdivert, but I got a tip in this mailing 
list about using ipnat with ipfw and also about this integrated variant 
so it seems to be at least 3 different ways to go for nat when running ipfw:

divert
ipnat
ipfw's integrated nat

I believe the integrated version makes configuration simpler. I would 
choose the old classic divert with ipfw if it is for a important network 
that must work, but if I was running -current I would try the integrated 
variant beacuse it seems to be simpler to use.

-- 

Christer Hermansson






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46F68B1C.6020303>