Can loader.conf give you NATD support?

2010-02-08 Thread John
The natd man page says it is still necessary to create a custom
kernel with

options IPFIREWALL
options IPDIVERT

Is that still true, or can it be accomplished via loader.conf?

Thanks!
-- 

John Lind
j...@starfire.mn.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Can loader.conf give you NATD support?

2010-02-08 Thread Warren Block

On Mon, 8 Feb 2010, John wrote:


> The natd man page says it is still necessary to create a custom
> kernel with
>
> options IPFIREWALL
> options IPDIVERT
>
> Is that still true, or can it be accomplished via loader.conf?


It's a kernel option, so you probably can't do it at runtime.

Consider using pf instead of ipfw.  pf does NAT without needing natd or 
those kernel options.


-Warren Block * Rapid City, South Dakota USA


Re: Can loader.conf give you NATD support?

2010-02-08 Thread Matthew Seaman

On 08/02/2010 15:39, Warren Block wrote:
> On Mon, 8 Feb 2010, John wrote:
> 
>> The natd man page says it is still necessary to create a custom
>> kernel with
>>
>> options IPFIREWALL
>> options IPDIVERT
>>
>> Is that still true, or can it be accomplished via loader.conf?
> 
> It's a kernel option, so you probably can't do it at runtime.

It's a loadable module (ipfw_nat.ko) nowadays, so you probably can do it
at runtime...

> Consider using pf instead of ipfw.  pf does NAT without needing natd or
> those kernel options.

Heartily seconded.  pf and ipfw fulfil the same sort of function, but
to my mind, pf wins hands down simply by having a much more usable
control interface and configuration syntax.  Not to mention the
advanced pf features like ftp-proxy, HA configuration, relayd and a
bunch more.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW
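
The module-based setup mentioned in the reply above, as an added example that is not part of any message in this thread. It assumes a stock GENERIC kernel, an outside interface named em0 (a placeholder), and that natd's divert sockets come from ipdivert.ko, while ipfw_nat.ko provides in-kernel NAT without natd.

```conf
# /boot/loader.conf  (added example, not from the thread)
ipfw_load="YES"         # ipfw as a module, in place of "options IPFIREWALL"
ipdivert_load="YES"     # divert sockets for natd, in place of "options IPDIVERT"
#ipfw_nat_load="YES"    # alternative: in-kernel NAT (ipfw_nat.ko), no natd needed

# /etc/rc.conf
gateway_enable="YES"    # forward packets between interfaces
firewall_enable="YES"
firewall_type="open"    # placeholder ruleset (allow all); replace with a real one
natd_enable="YES"
natd_interface="em0"    # assumption: name of the outside interface
```

ipfw loaded as a module ends its ruleset with a default deny rule, so on a remote machine a ruleset that permits the management connection has to be in place before the module is loaded.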


Re: Can loader.conf give you NATD support?

2010-02-08 Thread John
On Mon, Feb 08, 2010 at 08:39:14AM -0700, Warren Block wrote:
> On Mon, 8 Feb 2010, John wrote:
> 
> > The natd man page says it is still necessary to create a custom
> > kernel with
> >
> > options IPFIREWALL
> > options IPDIVERT
> >
> > Is that still true, or can it be accomplished via loader.conf?
> 
> It's a kernel option, so you probably can't do it at runtime.
> 
> Consider using pf instead of ipfw.  pf does NAT without needing natd or 
> those kernel options.

Oh.  OK!  That must be new since the last time I did this.  Will it be
difficult to port my ipfw and natd rules to pf?

> -Warren Block * Rapid City, South Dakota USA

-- 

John Lind
j...@starfire.mn.org