Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 Mar 2012 18:36:04 +1000
From:      Da Rock <>
Subject:   Re: newbie IPFW user
Message-ID:  <>
In-Reply-To: <8823954.VFuFedYPUb@magi>
References:  <> <8823954.VFuFedYPUb@magi>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 03/14/12 17:09, Rémy Sanchez wrote:
> On Saturday 10 March 2012 00:39:24 Da Rock wrote:
>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>> (and hopefully move to production), and I'm trying to determine how I
>> would setup binat using IPFW; or even if its possible at all.
>> I've been hunting some more in depth documentation, but it appears to be
>> scarce/not definitive. I suspect using the modes in libalias such as
>> "use same ports" and "reverse" might be able to do what I'm looking for?
>> Any clarity much appreciated.
>> _______________________________________________
>> mailing list
>> To unsubscribe, send any mail to ""
> Well, what do you want to do with your firewall ?
> Because ipfw is kick-ass for QoS management, and is fairly simple to use in
> other tasks, but if you want to do some complex NAT, it's going to be a pain
> in comparison to what pf offers.
> Just make sure of what your main requirement is :)
> My 2 cents,
Bluntly put, but very accurate :)

I want it to do something pf cant - port forward ipsec packets for 
Android L2TP/IPSec. Apparently (according to pfsense experts) it is 
impossible until Android 3.0 or 4.0. My next port of call will be 
ipfilter, and thats a known working solution but I want to use more 
robust native tools.

As for being a pita - I don't know. It doesn't seem any harder to me, 
could even be easier; seems to be a psychological thing. I'll get back 
to you (the list) when I have achieved an outcome and let you know. So 
far I haven't had to compile a new kernel, so thats a definite plus... 
that could change though. More info in the next episode ;) I've just 
finished wrestling with certificate generation.... grr! It was easier 
last time, not sure what has been the issue this time.

Want to link to this message? Use this URL: <>