Re: nat and firewall



On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 <fbsd1@xxxxxxxxxxxxxxx> wrote:



-----Original Message-----
From: owner-freebsd-questions@xxxxxxxxxxx
[mailto:owner-freebsd-questions@xxxxxxxxxxx]On Behalf Of fire jotawski
Sent: Wednesday, September 24, 2008 12:13 PM
To: freebsd-questions@xxxxxxxxxxx
Subject: nat and firewall

hi sirs,

i am confused now about what the difference is between nat and firewall_nat
in the /etc/rc file

natd_enable="YES"
firewall_nat_enable="YES"

just one question per asking. there will be more questions about
this, but for this moment only this one first.

thanks in advance for any help and hints

regards,
psr
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscribe@xxxxxxxxxxx


sorry for top posting
first of all thanks indeed for your answers



natd_enable="YES" This statement in rc.conf enables ipfw nated function.
firewall_nat_enable="YES" This is an invalid statement. No such thing as
you have here.



i found firewall_nat_enable in /etc/rc.firewall
my machine is
%uname -a
FreeBSD makham.serveblog.net 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep 4
09:48:32 ICT 2008 root@xxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/SITING
i386
%



FreeBSD has 3 different built-in firewalls for you to choose from: IPFW,
Ipfilter, and PF.
Review /etc/defaults/rc.conf for their statements.
It would do you good to read the firewall section of the FreeBSD Handbook
for a complete explanation of the 3 firewalls and the differences between
them.
In my opinion the PF firewall has the easiest to use rule set and built-in
table functions for automated blacklisting of attacking IP addresses. Its major
weakness is that it has a very poorly designed logging function that results in
very cumbersome usage.
IPFilter comes next. It has easy logging and rules usage. It lacks the auto
blacklisting table building of PF. These two firewalls were ported to
FreeBSD from other Unix flavored operating systems. Both have teams
supporting and maintaining them.
The final firewall is IPFW, which was the first firewall included in FreeBSD
many years ago and was developed by the FreeBSD team. IPFW also lacks the
auto blacklisting table building of PF, and its nated rules are much harder
to get working using all stateful rules. IPFW had a major coding overhaul a
few years back but the inherent design flaw of how nated rules are handled
was not touched. Grapevine says IPFW nated code is a messed up can of worms
and no one wants to touch it.
I have used all 3 firewalls at one time or another to learn about them. I
found IPFilter to be the easiest to use and get logging output in a standard
format like all the other FreeBSD logs are. But you should read the
handbook and decide for yourself what best satisfies your firewall needs.


thanks indeed for your answers. i will ask more questions regarding natd
and firewall again after reading the handbook.

regards,
psr