Date:      Sat, 17 Mar 2012 18:36:04 +1000
From:      Da Rock <freebsd-ipfw@herveybayaustralia.com.au>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: newbie IPFW user
Message-ID:  <4F644CF4.2010004@herveybayaustralia.com.au>
In-Reply-To: <8823954.VFuFedYPUb@magi>
References:  <4F5A161C.8060407@herveybayaustralia.com.au> <8823954.VFuFedYPUb@magi>

On 03/14/12 17:09, Rémy Sanchez wrote:
> On Saturday 10 March 2012 00:39:24 Da Rock wrote:
>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>> (and hopefully move to production), and I'm trying to determine how I
>> would set up binat using IPFW; or even if it's possible at all.
>>
>> I've been hunting for some more in-depth documentation, but it appears to be
>> scarce/not definitive. I suspect using the modes in libalias such as
>> "use same ports" and "reverse" might be able to do what I'm looking for?
>>
>> Any clarity much appreciated.
> Well, what do you want to do with your firewall?
>
> Because ipfw is kick-ass for QoS management, and is fairly simple to use in
> other tasks, but if you want to do some complex NAT, it's going to be a pain
> in comparison to what pf offers.
>
> Just make sure of what your main requirement is :)
>
> My 2 cents,
Bluntly put, but very accurate :)

I want it to do something pf can't - port forward ipsec packets for
Android L2TP/IPSec. Apparently (according to pfSense experts) it is
impossible until Android 3.0 or 4.0. My next port of call will be
ipfilter, and that's a known working solution but I want to use more
robust native tools.

As for being a pita - I don't know. It doesn't seem any harder to me, 
could even be easier; seems to be a psychological thing. I'll get back 
to you (the list) when I have achieved an outcome and let you know. So 
far I haven't had to compile a new kernel, so that's a definite plus...
that could change though. More info in the next episode ;) I've just 
finished wrestling with certificate generation.... grr! It was easier 
last time, not sure what has been the issue this time.


