From owner-freebsd-questions  Sun Oct 20  9:39:13 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 08A3C37B401; Sun, 20 Oct 2002 09:39:12 -0700 (PDT)
Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 256AE43E75; Sun, 20 Oct 2002 09:39:11 -0700 (PDT)
	(envelope-from ck@cksoft.de)
Received: from localhost (localhost [127.0.0.1])
	by transport.cksoft.de (Postfix) with ESMTP
	id 2E7521FFE6E; Sun, 20 Oct 2002 18:38:54 +0200 (CEST)
Received: by transport.cksoft.de (Postfix, from userid 66)
	id 6EB8D1FFE66; Sun, 20 Oct 2002 18:38:53 +0200 (CEST)
Received: by hirvi.cksoft.de (Postfix, from userid 1000)
	id BE4511B679; Sun, 20 Oct 2002 18:33:34 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by hirvi.cksoft.de (Postfix) with ESMTP
	id A985618E88; Sun, 20 Oct 2002 18:33:34 +0200 (CEST)
Date: Sun, 20 Oct 2002 18:33:34 +0200 (CEST)
From: Christian Kratzer <ck-lists@cksoft.de>
X-X-Sender:  <ck@hirvi.cksoft.de>
To: JoeB <barbish@a1poweruser.com>
Cc: FBSDQ <questions@FreeBSD.ORG>,
	"freebsd-isp@FreeBSD. ORG" <freebsd-isp@FreeBSD.ORG>
Subject: Re: Alternative to NATD or IPNAT for cable connection.
In-Reply-To: <MIEPLLIBMLEEABPDBIEGOEIDCNAA.barbish@a1poweruser.com>
Message-ID: <Pine.LNX.4.33.0210201830010.25862-100000@hirvi.cksoft.de>
X-Spammer-Kill-Ratio: 75%
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS snapshot-20020300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi,

On Sun, 20 Oct 2002, JoeB wrote:

> Help please, I looking for a software port that does NAT 
> (network address translation).  Before getting cable I used user 
> PPP for dial up ISP with NAT function and then IPFW with 
> keep-state rules. This worked great because NAT was being done 
> outside of IPFW.  Once I went to cable with DHCP I had to also go 
> to IPFW with NATD. NATD has problems with IPFW keep-state rules 
> where rules are mis-matched because of IPFW getting confused between 
> private and public ip address.  

natd works fine together with ipfw.  You just have to think about the 
order packets are handled by ipfw and when you pass them to natd.

Greetings
Christian

-- 
CK Software GmbH
Christian Kratzer,		Schwarzwaldstr. 31, 71131 Jettingen
Email:	ck@cksoft.de
Phone: 	+49 7452 889-135	Open Software Solutions, Network Security
Fax: 	+49 7452 889-136	FreeBSD spoken here!



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message