From: "fbsd_user"
To: "Tillman Hodgson"
Date: Sun, 14 Dec 2003 19:23:26 -0500
Subject: RE: ipnat+ipfw + 3 gateways
In-Reply-To: <20031214233809.GS64340@seekingfire.com>

What do you think IPF is? That's the utility name used to load filter rules into IPFILTER. So you are doing just what I said. The original poster said nothing about doing traffic shaping. IPNAT will not function without IPFILTER rules. At least pass in all on all interfaces. He listed none in his post.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Tillman Hodgson
Sent: Sunday, December 14, 2003 6:38 PM
To: freebsd-questions@freebsd.org
Subject: Re: ipnat+ipfw + 3 gateways

On Sun, Dec 14, 2003 at 06:01:08PM -0500, fbsd_user wrote:
> I think you are confused. IPNAT is part of ipfilter firewall and
> IPFW is a different firewall which has its own NATD function. You can
> not use one part from one and the other part from the other one.
> They work as a set, IPNAT/IPFILTER or IPFW/NATD. Your best bet is
> to use IPNAT and its firewall IPFILTER.

Not necessarily true. I'm using IPF for packet filtering, IPNAT for NAT, and IPFW for traffic shaping on the same firewall. The order that a packet is mangled becomes important, but that's solved simply by being careful when designing the firewall.

-T

--
Draw bamboos for ten years, become a bamboo, then forget all about bamboos when you are drawing.
Georges Duthuit