[afnog] IPfw + natd
Brian Candler
B.Candler at pobox.com
Fri Dec 2 18:18:46 EAT 2005
On Fri, Dec 02, 2005 at 04:24:07PM +0200, Mark Tinka wrote:
> Nonetheless, I managed to find the problem - at first I
> thought it was sysctl IPfw values where my dynamic IPfw
> rules were exhausting the system's default limits, but it
> turns out natd and advanced stateful IPfw don't
> co-operate very well. So downgrading the advanced
> stateful to simple stateful IPfw rules solved the problem
> - external access is consistent with no intermitent
> breaks.
>
> I'm now working on advanced stateful rules that will work
> with natd. A good option would be to run natd standalone,
> but I'm still looking for a LAN-to-LAN solution. natd
> already has a similar solution, but for PPP, though:
Another good solution might be to go with pf :-)
Regards,
Brian.
More information about the afnog
mailing list