From owner-freebsd-net  Tue May  1 15:25:56 2001
Delivered-To: freebsd-net@freebsd.org
Received: from rgmail.regenstrief.org (rgmail.regenstrief.org [134.68.31.197])
	by hub.freebsd.org (Postfix) with ESMTP id 2753637B61C
	for <freebsd-net@freebsd.org>; Tue,  1 May 2001 15:25:54 -0700 (PDT)
	(envelope-from gunther@aurora.regenstrief.org)
Received: from aurora.regenstrief.org (rgnout.regenstrief.org [134.68.31.38])
	by rgmail.regenstrief.org (8.11.0/8.8.7) with ESMTP id f41MUiX29728;
	Tue, 1 May 2001 17:30:44 -0500
Message-ID: <3AEF37E1.92962755@aurora.regenstrief.org>
Date: Tue, 01 May 2001 22:25:37 +0000
From: Gunther Schadow <gunther@aurora.regenstrief.org>
Organization: Regenstrief Institute for Health Care
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Darren Reed <darrenr@reed.wattle.id.au>
Cc: freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au
Subject: Re: The future of ALTQ, IPsec & IPFILTER playing together ...
References: <200105012158.HAA22701@avalon.reed.wattle.id.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Darren Reed wrote:
> 
> In some email I received from Gunther Schadow, sie wrote:
> [...]
> > As an added benefit, the two network interfaces tun0 and fxp0 allow
> > me to cope with the limited power of IPFILTER's NAT rules (as compared
> > to IPFW).
> 
> What is so limiting about NAT in IPFilter ?
> 
> AFAIK, apart from packet matching capability, IPFilter NAT kicks ass over
> ipfw or am I wrong ?

No offense, but refer to my earlier posting about IPfilter's NAT
matching being "both too complicated and too limited". In short,
I cannot exclude a bunch of srcdst rules from being NATed. This
is a major limitation for me. Generally I agree to your positive
sentiment about IPFILTER, but sometimes the devil is in the little
detail.

regards
-Gunther

-- 
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistent Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message