From owner-freebsd-questions  Mon Jan 13 16: 3:36 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1585037B401
	for <freebsd-questions@freebsd.org>; Mon, 13 Jan 2003 16:03:35 -0800 (PST)
Received: from hermes.pressenter.com (hermes.pressenter.com [209.224.20.19])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 51A8943E4A
	for <freebsd-questions@freebsd.org>; Mon, 13 Jan 2003 16:03:34 -0800 (PST)
	(envelope-from nospam@hiltonbsd.com)
Received: from [209.224.32.131] (helo=daggar.sbgnet.net)
	by hermes.pressenter.com with smtp (Exim 3.16 #1)
	id 18YEYG-0001LM-00; Mon, 13 Jan 2003 18:03:33 -0600
Date: Mon, 13 Jan 2003 18:03:32 -0600
From: Stephen Hilton <nospam@hiltonbsd.com>
To: freebsd-questions@FreeBSD.ORG
Cc: barbish@a1poweruser.com
Subject: Re: execution sequance of IPFW/IPFILTER when used together
Message-Id: <20030113180332.20ad7484.nospam@hiltonbsd.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGIEFODDAA.barbish@a1poweruser.com>
References: <MIEPLLIBMLEEABPDBIEGIEFODDAA.barbish@a1poweruser.com>
X-Mailer: Sylpheed version 0.8.8 (GTK+ 1.2.10; i386-portbld-freebsd4.7)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Mon, 13 Jan 2003 14:40:18 -0500
"JoeB" <barbish@a1poweruser.com> wrote:

> Informational post for the archives
> 
> From  lists-freebsd@silverwraith.com  who wrote
> We actually found it goes:
> 
> Internal private Net -> NIC -> IPF+NAT -> IPFW -> Public internet
> World
> 
> Public internet World -> IPF+NAT -> IPFW -> NIC -> Internal Private
> net
> 
> 
> Suffice to say, IPF+NAT always sees the packets first
> 
> This is way to use ipfilter to perform the nat function and ipfw
> dummynet

There was also some comments regarding this sequence changing 
depending on whether IPF or IPFW are compiled in the kernel or 
loaded as modules, does this have any affect on this rule ?

Regards,

Stephen Hilton
nospam@hiltonbsd.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message