Re: ipfw and it's glory...

From: Bart Matthaei (
Date: 07/17/02

Date: Wed, 17 Jul 2002 14:26:06 +0200
From: Bart Matthaei <>
To: Sabri Berisha <>

On Wed, Jul 17, 2002 at 02:16:29PM +0200, Sabri Berisha wrote:
> > Natd on a firewall ? Firewalling a public network ? I don't think so
> > :)
> Nothing wrong with that. In fact, you might even want to consider using
> natd only if you don't use the box for another purpose.

I wouldn't advise running natd on a firewall serving a large network, since it runs in userland.
IPnat is an option, though.

Anyway, back to the original issue:

I'd rather not use PunchFW on a large network.

They don't call > 1024 un-privileged for nothing. No need firewalling
all of them. Just a few daemons that use them, like Mysql and X.



Bart Matthaei        
If at first you don't succeed, redefine success.
To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message