Date:      Sat, 06 Sep 2008 15:10:18 +0200
From:      secucatcher@free.fr
To:        freebsd-pf@FreeBSD.org
Subject:   (no subject)
Message-ID:  <1220706618.48c2813ab9cc6@imp.free.fr>

hi everybody,
my work now is to replace a linux firewall with iptables by freebsd/pf/carp

i migrated 6500 lines of iptables with no problem in ten days
there are 400 servers to filter and maybe more in the new datacenter (1400/1700)

the firewall does nat!

they have something like this:
iptables -t nat -I PREROUTING -d <pub ip> -j DNAT --to <priv ip>

the idea behind it is that two servers on the same lan
behind the firewall could see each other as if they were on the internet in
different places; they use webservices and they already deal with that.

the first contacts the second not on the lan but through the firewall with the public
address.
the firewall must be in production next week,
they just told me about this new thing they want this morning
(and it was not in the first part i migrated)
and i am finishing the last three hours i must do on this project.
if i don't win ;) they stay with iptables.

i tried some ideas from http://www.openbsd.org/faq/pf/rdr.html
but most of what i do for the servers is binat
and not rdr.
i can't deal with netcat for such a project, pftpx is already a bit dirty for
them compared to conntrack
thank you for your help
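The situation described above, LAN hosts reaching a server through its public address, is the "redirection and reflection" case from the linked OpenBSD FAQ. As an added example that is not from the poster or the list, here is a pf.conf fragment in the pre-4.7 syntax that keeps the 1:1 binat on the outside and adds the reflection rules on the inside; interface names and addresses are placeholders.

```pf
# Placeholder interface names and addresses (assumptions, not from the mail)
ext_if = "em0"
int_if = "em1"
lan    = "192.168.1.0/24"
pub_ip = "203.0.113.10"     # public address both internet and LAN peers use
server = "192.168.1.20"     # private address of the web service behind pf

# 1:1 mapping on the outside, the pf counterpart of
#   iptables -t nat -I PREROUTING -d <pub ip> -j DNAT --to <priv ip>
# (binat also covers the matching source rewrite for outbound traffic)
binat on $ext_if from $server to any -> $pub_ip

# Reflection for LAN peers: a host on the same LAN that connects to
# $pub_ip is redirected to the server's private address
rdr on $int_if proto tcp from $lan to $pub_ip port 80 -> $server

# Do not rewrite the firewall's own traffic into the LAN
no nat on $int_if proto tcp from $int_if to $lan

# Source-rewrite the reflected flow to the firewall's inside address so the
# server answers via the firewall. Without this the server replies directly
# on the LAN, the client sees a reply from the wrong address, and the
# TCP handshake never completes.
nat on $int_if proto tcp from $lan to $server port 80 -> $int_if

# Filter rules are evaluated after translation, so they must match the
# translated (private) destination, not $pub_ip
pass in  on $ext_if proto tcp from any  to $server port 80 keep state
pass in  on $int_if proto tcp from $lan to $server port 80 keep state
pass out on $int_if proto tcp from any  to $server port 80 keep state
```

Validate with `pfctl -nf /etc/pf.conf` before loading, then open a connection from a LAN host to the public address and confirm with `pfctl -s state` that the flow appears with both the destination and the source translated.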