Date: Thu, 3 Mar 2005 20:27:19 +0200
From: Giorgos Keramidas
To: Chris Hodgins, Tomas Quintero, "J.D. Bronson"
Cc: freebsd-questions@freebsd.org
Subject: Re: [repost] ip.forwarding with pf
Message-ID: <20050303182719.GA53040@orion.daedalusnetworks.priv>
In-Reply-To: <422753BD.1020508@cis.strath.ac.uk>
References: <6.2.0.14.2.20050303061448.00a34520@localhost> <9e46c99e05030307153a916d11@mail.gmail.com> <20050303171413.GB38641@orion.daedalusnetworks.priv> <422753BD.1020508@cis.strath.ac.uk>

On 2005-03-03 18:13, Chris Hodgins wrote:
> Giorgos Keramidas wrote:
>>On 2005-03-03 10:15, Tomas Quintero wrote:
>>>On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson wrote:
>>>> No one replied to this and I thought it was easy for someone on
>>>> this list to help me?
>>>>
>>>> I am going to run pf and set up FBSD as a router (3 NICs). And I
>>>> see there are some options:
>>>>
>>>> net.inet.ip.fastforwarding
>>>> or
>>>> net.inet.ip.forwarding
>>>>
>>>> Can someone tell me which is appropriate when FreeBSD 5.4-PRE is
>>>> used as a router running pf with built-in NAT?
>>
>> As far as the original question, regarding PF and forwarding, the
>> answer is AFAIK, that it should work.  I haven't used PF's network
>> address translation until now, but I don't see why it wouldn't work.
>>
>> Packet forwarding is, unless I'm mistaken, a prerequisite for any
>> gateway.  The fact that the gateway also translates addresses is not
>> obligatory but just a characteristic of the local network topology
>> (i.e. availability of public addresses).
>
> Hmm I found this:
> http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html
>
> Google for "freebsd net.inet.ip.fastforwarding".

The source is always a better source of documentation :)

If you look at /usr/src/sys/netinet/ip_fastfwd.c, the comments near the
top say the following:

     *
     * Firewalling is fully supported including divert, ipfw fwd and ipfilter
     * ipnat and address rewrite.
     *

Reading the body of the ip_fastforward() function is also very helpful.
It contains both hooks for ALTQ and PFIL processing of the incoming
packets, so the answer to the original question is that "yes, address
rewriting and bandwidth shaping work with fast forwarding too".

- Giorgos