From: Da Rock
Date: Sat, 17 Mar 2012 18:36:04 +1000
To: freebsd-ipfw@freebsd.org
Subject: Re: newbie IPFW user
Message-ID: <4F644CF4.2010004@herveybayaustralia.com.au>
In-Reply-To: <8823954.VFuFedYPUb@magi>

On 03/14/12 17:09, Rémy Sanchez wrote:
> On Saturday 10 March 2012 00:39:24 Da Rock wrote:
>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>> (and hopefully move to production), and I'm trying to determine how I
>> would set up binat using IPFW; or even if it's possible at all.
>>
>> I've been hunting some more in-depth documentation, but it appears to be
>> scarce/not definitive. I suspect using the modes in libalias such as
>> "use same ports" and "reverse" might be able to do what I'm looking for?
>>
>> Any clarity much appreciated.
> Well, what do you want to do with your firewall?
>
> Because ipfw is kick-ass for QoS management, and is fairly simple to use in
> other tasks, but if you want to do some complex NAT, it's going to be a pain
> in comparison to what pf offers.
>
> Just make sure of what your main requirement is :)
>
> My 2 cents,

Bluntly put, but very accurate :)

I want it to do something pf can't - port forward ipsec packets for Android L2TP/IPSec. Apparently (according to pfSense experts) it is impossible until Android 3.0 or 4.0. My next port of call will be ipfilter, and that's a known working solution but I want to use more robust native tools.

As for being a pita - I don't know. It doesn't seem any harder to me, could even be easier; seems to be a psychological thing.

I'll get back to you (the list) when I have achieved an outcome and let you know. So far I haven't had to compile a new kernel, so that's a definite plus... that could change though.

More info in the next episode ;) I've just finished wrestling with certificate generation.... grr! It was easier last time, not sure what has been the issue this time.