-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/02/2010 15:39, Warren Block wrote: > On Mon, 8 Feb 2010, John wrote: > >> The natd man page says it is still necessary to create a customer >> kernl with >> >> options IPFIREWALL >> options IPDIVERT >> >> Is that still true, or can it be accomplished vi a loader.conf? > > It's a kernel option, so you probably can't do it at runtime.
It's a loadable module (ipfw_nat.ko) nowadays, so you probably can do it at runtime... > Consider using pf instead of ipfw. pf does NAT without needing natd or > those kernel options. Heartily seconded. pf and ipfw fulfil the same sort of function, but to my mind, pf wins hands down simply by having a much more usable control interface and configuration syntax. Not to mention the advanced pf features like ftp-proxy, HA configuration, relayd and a bunch more. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktwOHkACgkQ8Mjk52CukIwuuwCeJwUl0RH1nSqIfYZimP7sO1hW ZZMAnjP1ZXWZVVZsPQA4YEFPtXHMWs1c =r3ny -----END PGP SIGNATURE----- _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"