Date:      Sat, 17 Mar 2012 09:31:54 -0700
From:      Julian Elischer <>
Cc:        Da Rock <>
Subject:   Re: newbie IPFW user
Message-ID:  <>
In-Reply-To: <>
References:  <>	<8823954.VFuFedYPUb@magi> <>

On 3/17/12 1:36 AM, Da Rock wrote:
> On 03/14/12 17:09, Rémy Sanchez wrote:
>> On Saturday 10 March 2012 00:39:24 Da Rock wrote:
>>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>>> (and hopefully move to production), and I'm trying to determine how I
>>> would set up binat using IPFW; or even if it's possible at all.
>>> I've been hunting some more in-depth documentation, but it appears to be
>>> scarce/not definitive. I suspect using the modes in libalias such as
>>> "use same ports" and "reverse" might be able to do what I'm looking for?
>>> Any clarity much appreciated.
>> Well, what do you want to do with your firewall?
>> Because ipfw is kick-ass for QoS management, and is fairly simple to use in
>> other tasks, but if you want to do some complex NAT, it's going to be a pain
>> in comparison to what pf offers.
>> Just make sure of what your main requirement is :)
>> My 2 cents,
> Bluntly put, but very accurate :)
> I want it to do something pf can't - port forward ipsec packets for
> Android L2TP/IPSec. Apparently (according to pfsense experts) it is
> impossible until Android 3.0 or 4.0. My next port of call will be
> ipfilter, and that's a known working solution but I want to use more
> robust native tools.

you need to really explain what you want here..  do you want the IP
packets to still have the original ports/addresses in them or do you
want to have the packets untouched, but redirected?

a picture helps too.

> As for being a pita - I don't know. It doesn't seem any harder to
> me, could even be easier; seems to be a psychological thing. I'll
> get back to you (the list) when I have achieved an outcome and let
> you know. So far I haven't had to compile a new kernel, so that's a
> definite plus... that could change though. More info in the next
> episode ;) I've just finished wrestling with certificate
> generation.... grr! It was easier last time, not sure what has been
> the issue this time.
