Date: Thu, 16 Feb 2006 04:11:37 +0300 From: Andrew Pantyukhin <infofarmer@gmail.com> To: bob@a1poweruser.com Cc: FreeBSD Questions <questions@freebsd.org> Subject: Re: natd with several alias IPs Message-ID: <cb5206420602151711m4e152a9ew62743b0c0b49b256@mail.gmail.com> In-Reply-To: <MIEPLLIBMLEEABPDBIEGOECAHCAA.bob@a1poweruser.com> References: <cb5206420602151616t4cdc6908nb9a95416b4679d6c@mail.gmail.com> <MIEPLLIBMLEEABPDBIEGOECAHCAA.bob@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/16/06, bob@a1poweruser.com <bob@a1poweruser.com> wrote: > I am not a ipfw expert. The truth of it is I was a ipfw user before > I added a LAN behind my gateway box. Ipfw does it's nating from > within ipfw and that it what makes ipfw nating so hard to get right. > It's even harder if you use keep state processing. Ipfilter and PF > do the nating separate from the firewall so the firewall always sees > the true LAN packets. For that reason I now use ipfilter. Your ipfw > question may get better answers from the ipfw questions list. In > reading your original post it was not clear to me that you had to do > this using ipfw. I read it as you were asking if it could be done at > all. Using alias ip's is not the correct term I believe. > Good luck finding a ipfw solution. I'm afraid you've got it all a little bit wrong. It's pf and ipf that have built-in nat facilites. ipfw uses divert sockets and an external natd process (so when one says natd, it's clear that he's dealing with ipfw). Alias ip is a natd term. Thanks anyway
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420602151711m4e152a9ew62743b0c0b49b256>