Date: Mon, 2 Jun 2003 20:11:40 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: Vlad GALU <vladg@vipnet.ro> Cc: freebsd-security@freebsd.org Subject: Re: Packet flow through IPFW+IPF+IPNAT ? Message-ID: <20030602200857.T6733-100000@cactus.fi.uba.ar> In-Reply-To: <20030602174758.3f85db72.vladg@vipnet.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2 Jun 2003, Vlad GALU wrote: > Example one: IPF is compiled in kernel, IPFW is a module. In this case > IPFW stands 'outside' of IPF. > Example two: viceversa: the order in which they take action is reversed > too. Are you sure? Last time I saw the code (almost a year ago) it didn't make a difference if they were loaded as modules or compiled in kernel. The hooks were in the same place. > IPNAT is always 'outside' IPF. Or, in other words, IPF always 'sees' the real IPs, not the NATed ones. Fer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030602200857.T6733-100000>