Date: Wed, 24 Sep 2008 15:52:46 +0800
From: "FBSD1" <fbsd1@a1poweruser.com>
To: "fire jotawski" <jotawski@gmail.com>, <freebsd-questions@freebsd.org>
Subject: RE: nat and firewall
Message-ID: <NBECLJEKGLBKHHFFANMBOEBFCLAA.fbsd1@a1poweruser.com>
In-Reply-To: <c583719d0809232112m6caf4777lbdb68944da2b16af@mail.gmail.com>

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of fire jotawski
Sent: Wednesday, September 24, 2008 12:13 PM
To: freebsd-questions@freebsd.org
Subject: nat and firewall

hi sirs,

i am confused now that what is the difference between nat and firewall_nat in /etc/rc file

natd_enable="YES"
firewall_nat_enable="YES"

just one question per asking. there will be another more questions about this but for this moment only this one first.

thanks in advance for any helps and hints

regards,
psr

-----End of Original Message-----

natd_enable="YES"
This statement in rc.conf enables ipfw nated function.

firewall_nat_enable="YES"
This is an invalid statement. No such thing as you have here.

FreeBSD has 3 different built-in firewalls for you to choose from: IPFW, IPFilter, and PF. Review /etc/defaults/rc.conf for their statements. It would do you good to read the firewall section of the FreeBSD Handbook for a complete explanation of the 3 firewalls and the differences between them.

In my opinion the PF firewall has the easiest to use rule set and built-in table functions for automated blacklisting of attacking IP addresses. Its major weakness is that it has a very poorly designed logging function that results in very cumbersome usage.

IPFilter comes next. It has easy logging and rules usage. It lacks the auto-blacklisting table building of PF.

These two firewalls were ported to FreeBSD from other Unix-flavored operating systems. Both have teams supporting and maintaining them.

The final firewall is IPFW, which was the first firewall included in FreeBSD many years ago and was developed by the FreeBSD team. IPFW also lacks the auto-blacklisting table building of PF, and its nated rules are much harder to get working using all stateful rules. IPFW had a major coding overhaul a few years back, but the inherent design flaw of how nated rules are handled was not touched. Grapevine says IPFW nated code is a messed-up can of worms and no one wants to touch it.

I have used all 3 firewalls at one time or another to learn about them. I found IPFilter to be the easiest to use and to get logging output in standard format like all the other FreeBSD logs are. But you should read the handbook and decide for yourself what best satisfies your firewall needs.