Date: Thu, 1 May 2003 15:32:51 -0400 From: "V. M. Smith" <vmsmith@grokking.org> To: <freebsd-security@freebsd.org> Subject: RE: how to configure a FreeBSD firewall to pass IPSec? Message-ID: <7931E2E61A63FB4D9F0DECE73E05C636D227@conrad.sohotech.ca>
next in thread | raw e-mail | index | archive | help
Guy: FWIW, I tried ipfw/natd a few weeks ago but couldn't seem to get it to = keep state properly through NAT. Eventually I gave up and turned to = ipf/ipnat and have been happy with it ever since. I thought I read somewhere that ipfw/natd is the more "native" of the = two systems and been a part of FreeBSD for a longer time but someone = more experienced with the OS than myself can probably shed more light on = this. Also, I think ipfw has better application for traffic shaping, if = that's a feature you want/need. Some claim you can successfully mix the = two simultaneously but I'm not familiar (or brave) enough to try :) VS ------------------------------ Message: 9 Date: Thu, 1 May 2003 10:46:22 -0400 From: Guy Middleton <guy@obstruction.com> Subject: Re: how to configure a FreeBSD firewall to pass IPSec? To: freebsd-security@freebsd.org Message-ID: <20030501104614.A29056@chaos.obstruction.com> Content-Type: text/plain; charset=3Dus-ascii Thanks to everybody for the suggestions, I'll try them this weekend. The discussion brings up a question: Until now (and as recommended in the Handbook), I have been using ifpw and natd. Everybody here who has IPSec client passthrough working seems to use ifw/ipnat. Is ipf/ipnat more flexible? And why is there more = than one firewalling scheme in FreeBSD? ------------------------------ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org" End of freebsd-security Digest, Vol 6, Issue 3 **********************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7931E2E61A63FB4D9F0DECE73E05C636D227>