On Thu, Oct 2, 2008 at 7:39 PM, Dominique Goncalves < [EMAIL PROTECTED]> wrote:
> Hi, > > On Thu, Oct 2, 2008 at 6:09 AM, fire jotawski <[EMAIL PROTECTED]> wrote: > > On Thu, Sep 25, 2008 at 12:10 AM, Kevin Kinsey <[EMAIL PROTECTED]> wrote: > > > >> FBSD1 wrote: > >> > >>> > >>> natd_enable="YES" This statement in rc.conf enables ipfw nated > function. > >>> firewall_nat_enable="YES" This is an invalid statement. No such thing > as > >>> you have here. > >>> > >> > >> This is no longer true; he did indeed find "firewall_nat_enable" > >> in /etc/defaults/rc.conf. The knob seems to have first appeared > >> in February in HEAD and I'm guessing it cues the system to use a > >> new kernel-based nat rather than natd(8), but I've not read anything > >> further about this, as my system isn't as up to date as the OP's. > >> I don't know when this change was MFC'ed, but apparently fairly > >> recently? > >> > >> I suppose we need someone a tad more "in the know" to straighten > >> that out for us. > >> > > > > up to this moment, i do not know if natd and firewall_nat function in the > > same or different. > > and is there firewall_nat_flags thing too ? > > I'll try to explain, > > natd_* knobs are for natd(8), a daemon > firewall_nat_* knobs are for ipfw(8), NAT is processed by the kernel > > firewall_nat_* was added in the begenning of year in RELENG_7 > > http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.firewall?r1=1.52.2.2#rev1.52.2.2 > > The NAT configuration is done by /etc/rc.firewall, you can read this > file to know how the configuration is done. > > This is two different ways to do NAT. I can't speak about performance, > kernel vs daemon. > many thanks indeed for your clear explanations. so we simply use just one of them but not both, do not we ? once again, i appreciate all of your kind asistances in my case. with best regards, psr _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
