Date:      Thu, 3 Mar 2005 20:27:19 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Chris Hodgins <chodgins@cis.strath.ac.uk>, Tomas Quintero <tomasq@gmail.com>, "J.D. Bronson" <jbronson@wixb.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: [repost] ip.forwarding with pf
Message-ID:  <20050303182719.GA53040@orion.daedalusnetworks.priv>
In-Reply-To: <422753BD.1020508@cis.strath.ac.uk>
References:  <6.2.0.14.2.20050303061448.00a34520@localhost> <9e46c99e05030307153a916d11@mail.gmail.com> <20050303171413.GB38641@orion.daedalusnetworks.priv> <422753BD.1020508@cis.strath.ac.uk>

On 2005-03-03 18:13, Chris Hodgins <chodgins@cis.strath.ac.uk> wrote:
> Giorgos Keramidas wrote:
>>On 2005-03-03 10:15, Tomas Quintero <tomasq@gmail.com> wrote:
>>>On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson <jbronson@wixb.com> wrote:
>>>> No one replied to this and I thought it was easy for someone on
>>>> this list to help me?
>>>>
>>>> I am going to run pf and set up FBSD as a router (3 NICs).  And I
>>>> see there are some options:
>>>>
>>>> net.inet.ip.fastforwarding
>>>> or
>>>> net.inet.ip.forwarding
>>>>
>>>> Can someone tell me which is appropriate when FreeBSD 5.4-PRE is
>>>> used as a router running pf with built in NAT ?
>>
>> As far as the original question, regarding PF and forwarding, the
>> answer is AFAIK, that it should work.  I haven't used PF's network
>> address translation until now, but I don't see why it wouldn't work.
>>
>> Packet forwarding is, unless I'm mistaken, a prerequisite for any
>> gateway.  The fact that the gateway also translates addresses is not
>> obligatory but just a characteristic of the local network topology
>> (i.e. availability of public addresses).
>
> Hmm I found this:
> http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html
>
> Google for "freebsd net.inet.ip.fastforwarding".

The source is always a better source of documentation :)

If you look at /usr/src/sys/netinet/ip_fastfwd.c, the comments near the
top say the following:

 *
 * Firewalling is fully supported including divert, ipfw fwd and ipfilter
 * ipnat and address rewrite.
 *

Reading the body of the ip_fastforward() function is also very helpful.
It contains both hooks for ALTQ and PFIL processing of the incoming
packets, so the answer to the original question is that "yes, address
rewriting and bandwidth shaping work with fast forwarding too".

- Giorgos


