[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FreeBSD as Server
- To: "Brian Candler" <B_(_dot_)_Candler_(_at_)_pobox_(_dot_)_com>
- Subject: Re: FreeBSD as Server
- From: "Freddie Cash" <fcash_(_at_)_ocis_(_dot_)_net>
- Date: Sat, 14 Jan 2006 23:23:07 -0800 (PST)
- Cc: freebsd-isp_(_at_)_freebsd_(_dot_)_org
- Reply-to: fcash_(_at_)_ocis_(_dot_)_net
On Sat, January 14, 2006 12:38 pm, Brian Candler wrote:
> On Sat, Jan 14, 2006 at 06:01:14PM +0200, Alexander wrote:
>> I think, that ipfw is native for FreeBSD - it works better than
>> other packet filters. Am I right?
> Not really. For NAT in particular, ipfw is pretty awful. You need an
> external daemon (natd) and have to route packets to and from it, which
> works fine if you have a very simple configuration (e.g. single
> external interface, basic NAT-everything-going-out or NAT all RFC1918
> address space). More complex scenarios can be an utter nightmare to
> configure properly.
IPFW in FreeBSD 6.0 includes support for in-kernel NAT using the nat
keyword. Just recompile the kernel with "options LIBALIAS" to enable
it. I haven't tested it just yet (my home firewall is recompiling it
all right now), but the stuff I've read online makes it seem like it
should be on-par with IPFilter/PF's nat.
Don't know if it qualifies as a complex scenario or not, but we use
P2-333 MHz systems with 256 MB RAM running FreeBSD 5.3 using
IPFW/natd. All stations behind the firewall are in an RFC1918
network. Some stations are given public IPs for access using 1-for-1
NAT on the firewall, and all the rest go out via standard 1-to-many
NAT. So far, no issues to speak of. [knock wood] We even have
multiple VPNs configured and use fwd rules to pass packets through
freebsd-isp_(_at_)_freebsd_(_dot_)_org mailing list
To unsubscribe, send any mail to "freebsd-isp-unsubscribe_(_at_)_freebsd_(_dot_)_org"
Visit your host, monkey.org