Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 Mar 2012 09:31:54 -0700
From:      Julian Elischer <julian@freebsd.org>
To:        freebsd-ipfw@freebsd.org
Cc:        Da Rock <freebsd-ipfw@herveybayaustralia.com.au>
Subject:   Re: newbie IPFW user
Message-ID:  <4F64BC7A.8080607@freebsd.org>
In-Reply-To: <4F644CF4.2010004@herveybayaustralia.com.au>
References:  <4F5A161C.8060407@herveybayaustralia.com.au>	<8823954.VFuFedYPUb@magi> <4F644CF4.2010004@herveybayaustralia.com.au>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 3/17/12 1:36 AM, Da Rock wrote:
> On 03/14/12 17:09, Rémy Sanchez wrote:
>> On Saturday 10 March 2012 00:39:24 Da Rock wrote:
>>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>>> (and hopefully move to production), and I'm trying to determine how I
>>> would setup binat using IPFW; or even if its possible at all.
>>>
>>> I've been hunting some more in depth documentation, but it appears 
>>> to be
>>> scarce/not definitive. I suspect using the modes in libalias such as
>>> "use same ports" and "reverse" might be able to do what I'm 
>>> looking for?
>>>
>>> Any clarity much appreciated.
>>> _______________________________________________
>>> freebsd-ipfw@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>> To unsubscribe, send any mail to 
>>> "freebsd-ipfw-unsubscribe@freebsd.org"
>> Well, what do you want to do with your firewall ?
>>
>> Because ipfw is kick-ass for QoS management, and is fairly simple 
>> to use in
>> other tasks, but if you want to do some complex NAT, it's going to 
>> be a pain
>> in comparison to what pf offers.
>>
>> Just make sure of what your main requirement is :)
>>
>> My 2 cents,
> Bluntly put, but very accurate :)
>
> I want it to do something pf cant - port forward ipsec packets for 
> Android L2TP/IPSec. Apparently (according to pfsense experts) it is 
> impossible until Android 3.0 or 4.0. My next port of call will be 
> ipfilter, and thats a known working solution but I want to use more 
> robust native tools.

you need to really explain what you want here..  do you want the IP 
packets to still have the original ports/addesses in them or do you 
want to have the packets untouched, but redirected?

a picture helps too.

>
> As for being a pita - I don't know. It doesn't seem any harder to 
> me, could even be easier; seems to be a psychological thing. I'll 
> get back to you (the list) when I have achieved an outcome and let 
> you know. So far I haven't had to compile a new kernel, so thats a 
> definite plus... that could change though. More info in the next 
> episode ;) I've just finished wrestling with certificate 
> generation.... grr! It was easier last time, not sure what has been 
> the issue this time.
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
>




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4F64BC7A.8080607>