Re: nat and firewall

On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 <fbsd1@xxxxxxxxxxxxxxx> wrote:

-----Original Message-----
From: owner-freebsd-questions@xxxxxxxxxxx
[mailto:owner-freebsd-questions@xxxxxxxxxxx]On Behalf Of fire jotawski
Sent: Wednesday, September 24, 2008 12:13 PM
To: freebsd-questions@xxxxxxxxxxx
Subject: nat and firewall

hi sirs,

I am confused now about what the difference is between nat and firewall_nat
in the /etc/rc file.


Just one question per asking. There will be more questions about
this, but for this moment only this one first.

Thanks in advance for any help and hints.

freebsd-questions@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to freebsd-questions-unsubscribe@xxxxxxxxxxx

Sorry for top posting.
First of all, thanks indeed for your answers.

natd_enable="YES": this statement in rc.conf enables the ipfw nated function.
firewall_nat_enable="YES": this is an invalid statement. There is no such thing
as what you have here.

I found firewall_nat_enable in /etc/rc.firewall.
My machine is:
%uname -a
FreeBSD 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep 4
09:48:32 ICT 2008 root@xxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/SITING

FreeBSD has 3 different built-in firewalls for you to choose from: IPFW,
IPFilter, and PF.
Review /etc/defaults/rc.conf for their statements.
It would do you good to read the firewall section of the FreeBSD Handbook
for a complete explanation of the 3 firewalls and the differences between

In my opinion the PF firewall has the easiest to use rule set and built-in
table functions for automated black listing of attacking IP addresses. Its major
weakness is that it has a very poorly designed logging function that results in
very cumbersome usage.

IPFilter comes next. It has easy logging and rules usage. It lacks the auto
black listing table building of PF. These two firewalls were ported to
FreeBSD from other Unix flavored operating systems. Both have teams
supporting and maintaining them.

The final firewall is IPFW, which is the first firewall included in FreeBSD
many years ago and was developed by the FreeBSD team. IPFW also lacks the
auto black listing table building of PF, and its nated rules are much
to get working using all stateful rules. IPFW had a major coding overhaul a
few years back, but the inherent design flaw of how nated rules are handled
was not touched. Grapevine says IPFW nated code is a messed up can of
and no one wants to touch it.

I have used all 3 firewalls at one time or another to learn about them. I
found IPFilter to be the easiest to use and to get logging output in a standard
format like all the other FreeBSD logs are. But you should read the
handbook and decide for yourself what best satisfies your firewall needs.

Thanks indeed for your answers. I will ask more questions regarding natd
and firewall again after reading the handbook.
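A small checker for the two rc.conf knobs this thread is about, added here as an example and not part of the thread or of FreeBSD itself. It assumes the FreeBSD 7.x names natd_enable, natd_interface, natd_flags (userland natd(8) fed by an ipfw divert rule) and firewall_nat_enable (in-kernel ipfw nat set up by rc.firewall), both of which only take effect when firewall_enable="YES"; the rc.conf fragment it parses is constructed for the example.

```python
import shlex

# Constructed sample rc.conf (not from any real host): in-kernel NAT is
# requested, but ipfw itself is never enabled, so rc.firewall never runs.
SAMPLE_RC_CONF = """
# constructed sample
hostname="gw.example"
natd_enable="NO"
firewall_nat_enable="YES"
firewall_nat_interface="em0"
"""


def parse_rc_conf(text):
    """Return {knob: value} for the NAME="value" lines of an rc.conf fragment."""
    knobs = {}
    for line in text.splitlines():
        # shlex strips the quotes and drops trailing "# ..." comments;
        # tokens without an '=' (blank lines, pure comments) are ignored.
        for token in shlex.split(line, comments=True):
            if "=" in token:
                name, value = token.split("=", 1)
                knobs[name] = value
    return knobs


def _yes(knobs, name):
    return knobs.get(name, "").upper() == "YES"


def check_nat(knobs):
    """Return a list of findings about how NAT is wired up in the parsed rc.conf."""
    natd = _yes(knobs, "natd_enable")          # userland natd(8) fed by an ipfw divert rule
    knat = _yes(knobs, "firewall_nat_enable")  # in-kernel ipfw nat, set up by rc.firewall
    findings = []
    if not natd and not knat:
        findings.append("no NAT requested")
    if (natd or knat) and not _yes(knobs, "firewall_enable"):
        findings.append("NAT requested without firewall_enable=YES: rc.firewall never runs")
    if natd and knat:
        findings.append("both natd_enable and firewall_nat_enable are YES: pick one")
    if natd and not (knobs.get("natd_interface") or knobs.get("natd_flags")):
        findings.append("natd_enable=YES but neither natd_interface nor natd_flags is set")
    return findings


if __name__ == "__main__":
    for finding in check_nat(parse_rc_conf(SAMPLE_RC_CONF)):
        print(finding)
```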
