Date: Tue, 6 May 2003 11:43:14 +0200
From: Danny Carroll <fbsd@dannysplace.net>
To: Guy Middleton <guy@obstruction.com>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?
Message-ID: <1052214194.d45fa9082ef35@www.dannysplace.com>
In-Reply-To: <20030501104614.A29056@chaos.obstruction.com>
References: <20030430190040.A78C937B407@hub.freebsd.org> <1051788543.641.31.camel@thoreau.sohotech.ca> <20030501104614.A29056@chaos.obstruction.com>

Quoting Guy Middleton <guy@obstruction.com>:

> Until now (and as recommended in the Handbook), I have been using ipfw
> and natd. Everybody here who has IPSec client passthrough working seems
> to use ipf/ipnat. Is ipf/ipnat more flexible? And why is there more than
> one firewalling scheme in FreeBSD?

FYI I have done this in ipfw/natd... It's just as easy. I think I only added one rule to my firewall and nothing to my natd.conf.

Now I can vpn from any machine on the internal lan to multiple VPNs. If you want I can send you the ruleset.

ipfw and ipf are different. I started with ipf but now I like ipfw a lot more because I feel that it's more flexible (others do not). I particularly like the QOS stuff provided by dummynet so I think it would be hard for me to ever go back.

-D