Date:      Tue, 01 May 2001 22:25:37 +0000
From:      Gunther Schadow <gunther@aurora.regenstrief.org>
To:        Darren Reed <darrenr@reed.wattle.id.au>
Cc:        freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au
Subject:   Re: The future of ALTQ, IPsec & IPFILTER playing together ...
Message-ID:  <3AEF37E1.92962755@aurora.regenstrief.org>
References:  <200105012158.HAA22701@avalon.reed.wattle.id.au>

Darren Reed wrote:
> 
> In some email I received from Gunther Schadow, sie wrote:
> [...]
> > As an added benefit, the two network interfaces tun0 and fxp0 allow
> > me to cope with the limited power of IPFILTER's NAT rules (as compared
> > to IPFW).
> 
> What is so limiting about NAT in IPFilter ?
> 
> AFAIK, apart from packet matching capability, IPFilter NAT kicks ass over
> ipfw or am I wrong ?

No offense, but refer to my earlier posting about IPfilter's NAT
matching being "both too complicated and too limited". In short,
I cannot exclude a bunch of srcdst rules from being NATed. This
is a major limitation for me. Generally I agree with your positive
sentiment about IPFILTER, but sometimes the devil is in the little
detail.

regards
-Gunther

-- 
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org
