Date: Fri, 31 May 2002 13:12:17 -0500 (CDT) From: Nick Rogness <nick@rogness.net> To: Jon Larssen <jonlarssen@hotmail.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPFW + NATD + stateful ruleset? Message-ID: <Pine.BSF.4.21.0205311306320.47200-100000@cody.jharris.com> In-Reply-To: <F160cZK7VtzsHmIWwUj0000ec91@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 31 May 2002, Jon Larssen wrote: > from reading the list archives it seems that currently a stateful IPFW > rule in a box that also does the NAT doesn't work well. Granted, I > need to study more on the subject; Your assumptions are correct, stateful ipfw & nat is painful, maybe not even doable reliably. There are workarounds though...one of which is to run ipfilter. There are other options like running ppp -nat. Several web sites mention the other techniques to get around this annoiance. > but, can I still use a stateful rule in the non-NATted interface? (the > public one) Yes, you can run stateful inspection on a non natd'd interface easily. man ipfw. Nick Rogness <nick@rogness.net> - Don't mind me...I'm just sniffing your packets To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0205311306320.47200-100000>