nat and ipfw - divert or builtin
Christer Hermansson
mail at chdevelopment.se
Mon Sep 24 15:57:45 PDT 2007
Randy Bush wrote:
>> divert
>> ipnat
>> ipfw's integrated nat
>>
>> I believe the integrated version makes configuration simpler. I would
>> choose the old classic divert with ipfw if it is for a important network
>> that must work, but if I was running -current I would try the integrated
>> variant beacuse it seems to be simpler to use.
>>
>
> you seem to imply that you have reason to suspect that ipfw integrated
> nat might not be reliable, or at least not as reliable as divert+natd.
> any particular experiences or gossip to tell?
>
>
No, like I said I only have experience with divert, but in my opinion
it's best to not use the latest software for things that *must* work and
the integrated nat is a new thing and only available for -current.
However it's based on something that been around for a while, libalias,
so I guess it's stable.
I'm planning on trying to use ipnat with ipfw on freebsd 6.2 because I
think that's simpler than divert and has been around for a while.
But again if I was running a system based on -current I would go for the
integrated variant.
--
Christer Hermansson
More information about the freebsd-net
mailing list