Date: Wed, 24 Sep 2008 16:47:42 +0700
From: "fire jotawski" <jotawski@gmail.com>
To: fbsd1@a1poweruser.com
Cc: freebsd-questions@freebsd.org
Subject: Re: nat and firewall
Message-ID: <c583719d0809240247m1a77bc13w83f16893469cec10@mail.gmail.com>
In-Reply-To: <NBECLJEKGLBKHHFFANMBOEBFCLAA.fbsd1@a1poweruser.com>
References: <c583719d0809232112m6caf4777lbdb68944da2b16af@mail.gmail.com> <NBECLJEKGLBKHHFFANMBOEBFCLAA.fbsd1@a1poweruser.com>

On Wed, Sep 24, 2008 at 2:52 PM, FBSD1 <fbsd1@a1poweruser.com> wrote:

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of fire jotawski
> Sent: Wednesday, September 24, 2008 12:13 PM
> To: freebsd-questions@freebsd.org
> Subject: nat and firewall
>
> hi sirs,
>
> i am confused now that what is the difference between nat and firewall_nat
> in /etc/rc file
>
> natd_enable="YES"
> firewall_nat_enable="YES"
>
> just one question per asking. there will be another more questions about
> this but for this moment only this one first.
>
> thanks in advance for any helps and hints
>
> regards,
> psr
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to freebsd-questions-unsubscribe@freebsd.org
>

sorry for top posting
first of all thanks indeed for your answers

> natd_enable="YES" This statement in rc.conf enables ipfw nated function.
> firewall_nat_enable="YES" This is an invalid statement. No such thing as
> you have here.

i found firewall_nat_enable in /etc/rc.firewall
my machine is

%uname -a
FreeBSD makham.serveblog.net 7.0-RELEASE FreeBSD 7.0-RELEASE #5: Thu Sep 4 09:48:32 ICT 2008 root@makham.serveblog.net:/usr/obj/usr/src/sys/SITING i386
%

> FreeBSD has 3 different built-in firewalls for you to choose from: IPFW,
> IPFilter, and PF.
> Review /etc/defaults/rc.conf for their statements.
> It would do you good to read the firewall section of the FreeBSD Handbook
> for a complete explanation of the 3 firewalls and the differences between
> them.
> In my opinion the PF firewall has the easiest to use rule set and built-in
> table functions for automated blacklisting of attacking IP addresses. Its
> major weakness is that it has a very poorly designed logging function that
> results in very cumbersome usage.
> IPFilter comes next. It has easy logging and rules usage. It lacks the auto
> blacklisting table building of PF. These two firewalls were ported to
> FreeBSD from other Unix flavored operating systems. Both have teams
> supporting and maintaining them.
> The final firewall is IPFW, which is the first firewall included in FreeBSD
> many years ago and was developed by the FreeBSD team. IPFW also lacks the
> auto blacklisting table building of PF, and its nated rules are much harder
> to get working using all stateful rules. IPFW had a major coding overhaul a
> few years back but the inherent design flaw of how nated rules are handled
> was not touched. Grapevine says IPFW nated code is a messed up can of worms
> and no one wants to touch it.
> I have used all 3 firewalls at one time or another to learn about them. I
> found IPFilter to be the easiest to use and get logging output in standard
> format like all the other FreeBSD logs are. But you should read the
> handbook and decide for yourself what best satisfies your firewall needs.
>

thanks indeed for your answers. i will ask more questions regarding to natd
and firewall again after reading handbook.

regards,
psr
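
The two rc.conf settings asked about in this thread, as an added example that is not from either poster: a small sh function that reports which NAT path an rc.conf-style file turns on. It assumes natd_enable starts the userland natd(8) daemon and that firewall_nat_enable is the setting /etc/rc.firewall reads to set up in-kernel "ipfw nat"; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: which NAT mechanism does an rc.conf-style file enable?
# Assumption: natd_enable -> userland natd(8) via an ipfw divert rule;
#             firewall_nat_enable -> in-kernel "ipfw nat" via /etc/rc.firewall.

# rc_get FILE VAR: print the last value assigned to VAR (quotes stripped).
# The file is parsed, not sourced, so auditing it never executes its contents.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: succeed for the spellings rc scripts treat as "enabled".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# nat_mode FILE: print natd, kernel-nat, both, or none; a missing interface
# setting is reported because no NAT rule can be tied to an interface without it.
nat_mode() {
    natd=no; kern=no
    is_yes "$(rc_get "$1" natd_enable)" && natd=yes
    is_yes "$(rc_get "$1" firewall_nat_enable)" && kern=yes
    case "$natd/$kern" in
        yes/yes) echo "both" ;;   # two NAT paths on the same traffic: pick one
        yes/no)  [ -n "$(rc_get "$1" natd_interface)" ] \
                     && echo "natd" || echo "natd: natd_interface missing" ;;
        no/yes)  [ -n "$(rc_get "$1" firewall_nat_interface)" ] \
                     && echo "kernel-nat" \
                     || echo "kernel-nat: firewall_nat_interface missing" ;;
        *)       echo "none" ;;
    esac
}

# Constructed sample mirroring the two lines quoted in the question.
conf=$(mktemp)
cat > "$conf" <<'EOF'
firewall_enable="YES"
natd_enable="YES"
firewall_nat_enable="YES"
EOF
echo "NAT mode: $(nat_mode "$conf")"
rm -f "$conf"
```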