From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 16 23:06:07 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 21564106566C for ; Tue, 16 Mar 2010 23:06:07 +0000 (UTC) (envelope-from julian@elischer.org) Received: from out-0.mx.aerioconnect.net (out-0-25.mx.aerioconnect.net [216.240.47.85]) by mx1.freebsd.org (Postfix) with ESMTP id 01E8D8FC0C for ; Tue, 16 Mar 2010 23:06:06 +0000 (UTC) Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160]) by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id o2GN66gc002046; Tue, 16 Mar 2010 16:06:06 -0700 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id 098D12D601E; Tue, 16 Mar 2010 16:06:05 -0700 (PDT) Message-ID: <4BA00EDD.1010200@elischer.org> Date: Tue, 16 Mar 2010 16:06:05 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: n j References: <92bcbda51003100912k25facb5cxc9047105c91a4022@mail.gmail.com> <4B97E412.1050506@elischer.org> <4B981FE5.5090905@smartt.com> <4B9828B2.2010903@elischer.org> <92bcbda51003110047s717bed1bq8bb3eb787eab47f7@mail.gmail.com> <4B992EE8.30309@elischer.org> <92bcbda51003161522j2b8081a6x9978b27416c8665c@mail.gmail.com> In-Reply-To: <92bcbda51003161522j2b8081a6x9978b27416c8665c@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51 Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFIREWALL_FORWARD X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2010 23:06:07 -0000 n j wrote: >> it's needed for the functionality. >> you need to slightly change the behaviour or the existing stack in quite a >> number of places to handle a forwarded packet. > > Sorry for catching up with the thread so late, I was without Internet > connection for the last couple of days. > > Thanks for all the replies so far, I've got just one more question: is > it correct that pf (as loadable module) has this forward (aka > route-to) functionality without needing the kernel recompile? If so, > it might be that final push for me to switch from ipfw to pf. > > Regards, I can't answer for pf.. this is the ipfw mailing list. :-) If they do have the same functionality then they will need the same changes. If they do something different (e.g. changing the packet) then they may be able to do a subset of the same thing.