From: Chuck Swiger
Date: Mon, 18 Jul 2011 12:21:11 -0700
To: David van Rensburg - PC Network
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw and nat problem

On Jul 18, 2011, at 12:17 PM, David van Rensburg - PC Network wrote:
> In can mean traffic going from the lan to the internet AND from the
> internet to the lan because either way it goes into the box as it flows
> through the box correct?

Yes, I think so. Most people seem to prefer to use "recv via _external_interface_" rather than "in" to identify traffic from the Internet at large incoming towards their machine or local subnet.

Regards,
--
-Chuck
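
The distinction discussed in this thread, as an added example that is not part of the original message: a small Python model of how ipfw checks a forwarded packet once on receipt and once on transmit, showing which passes `in`, `in recv IF` and `recv IF` select. The interface names em0 (external) and em1 (internal) and the two flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

EXT_IF = "em0"  # assumed external (Internet-facing) interface
INT_IF = "em1"  # assumed internal (LAN-facing) interface


@dataclass(frozen=True)
class Pass:
    """One trip of a packet through the ruleset."""
    direction: str           # "in" or "out"
    recv_if: str             # interface the packet arrived on
    xmit_if: Optional[str]   # only known on the "out" pass


def forwarded(recv_if: str, xmit_if: str) -> List[Pass]:
    """A routed packet is checked twice: on receipt and again on transmit."""
    return [Pass("in", recv_if, None), Pass("out", recv_if, xmit_if)]


def matches(p: Pass, direction=None, recv=None, xmit=None) -> bool:
    """Evaluate the options in/out, recv IF and xmit IF against one pass."""
    if direction is not None and p.direction != direction:
        return False
    if recv is not None and p.recv_if != recv:
        return False
    if xmit is not None and p.xmit_if != xmit:
        return False
    return True


def hits(rule: dict) -> Dict[str, int]:
    """Count how many passes of each constructed flow the rule matches."""
    flows = {
        "lan_to_internet": forwarded(INT_IF, EXT_IF),
        "internet_to_lan": forwarded(EXT_IF, INT_IF),
    }
    return {name: sum(matches(p, **rule) for p in passes)
            for name, passes in flows.items()}


RULE_IN = {"direction": "in"}                            # ... in
RULE_IN_RECV_EXT = {"direction": "in", "recv": EXT_IF}   # ... in recv em0
RULE_RECV_EXT = {"recv": EXT_IF}                         # ... recv em0

if __name__ == "__main__":
    for label, rule in [("in", RULE_IN), ("in recv em0", RULE_IN_RECV_EXT),
                        ("recv em0", RULE_RECV_EXT)]:
        print(f"{label:12} {hits(rule)}")
```

Without a direction keyword, `recv em0` matches Internet-sourced traffic on both its inbound and outbound pass, because the receive interface is still known when the packet is transmitted.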