From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 16 02:16:15 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 848F41065671
	for <freebsd-questions@freebsd.org>;
	Sun, 16 Mar 2008 02:16:15 +0000 (UTC)
	(envelope-from dan@dan.emsphone.com)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by mx1.freebsd.org (Postfix) with ESMTP id 5F6F48FC15
	for <freebsd-questions@freebsd.org>;
	Sun, 16 Mar 2008 02:16:15 +0000 (UTC)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.14.2/8.14.2) id m2G2GD8A079488;
	Sat, 15 Mar 2008 21:16:13 -0500 (CDT) (envelope-from dan)
Date: Sat, 15 Mar 2008 21:16:12 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Razmig K <strontium90@gmail.com>
Message-ID: <20080316021612.GB4295@dan.emsphone.com>
References: <47DC503D.7020008@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <47DC503D.7020008@gmail.com>
X-OS: FreeBSD 7.0-STABLE
User-Agent: Mutt/1.5.17 (2007-11-01)
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW with user-ppp's NAT
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Mar 2008 02:16:15 -0000

In the last episode (Mar 16), Razmig K said:
> With IPFW enabled in the kernel, I'd like to use the NAT functionality of 
> user-ppp instead of natd. Do I need the IPDIVERT option in the kernel and 
> the special arrangement of divert and skipto rules in the ruleset? Or, a 
> non-NATed ruleset (as demonstrated in handbook section 28.6.5.6) would 
> suffice?
>
> If divert rules are necessary, what argument do I need to pass to action 
> divert in place of natd?

If you mean the "nat enable yes" option in ppp.conf, that is done
completely within the user-ppp daemon (using the same libalias libarary
that natd uses).  Since user-ppp creates its own tun# device, it can
call the NAT functions as it processes packets to/from that device
without needing IPFW divert rules.

-- 
	Dan Nelson
	dnelson@allantgroup.com