Date: Sun, 21 Dec 2003 08:29:00 -0500 From: "fbsd_user" <fbsd_user@a1poweruser.com> To: "hugle" <hugle@vkt.lt>, <freebsd-questions@freebsd.org> Subject: RE: ipfw forward alternative in IPF ? Message-ID: <MIEPLLIBMLEEABPDBIEGEEFMFBAA.fbsd_user@a1poweruser.com> In-Reply-To: <19966095930.20031221035447@vkt.lt>
next in thread | previous in thread | raw e-mail | index | archive | help
Sure ipnat and IPFW can and do play together very well. I had problems with IPFW keep-state rules and IPFW/NATD. The Natd function is a subroutine launched by the divert rule. I removed the divert rule and turned off IPFW_nat in rc.conf and added ipfilter-ipnat to rc.conf. IPFILTER defaults to pass all traffic so by just using ipnat all the Nating gets done outside of IPFW. IPNAT does have forward rules. After an while I converted all my IPFW rules to IPFILTER and got rid of IPFW all together. I never compile IPFW or IPFILTER into the kernel, just let FBSD load the binary modules at boot time. I found IPFILTER to be easier to use and configure using the 'quick' option. The only reason to use IPFW is if you use dummynet for bandwidth control. I know the FBSD handbook misleads the reader into believing IPFW is the best firewall but that is because IPFW is an internal FBSD development project. http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1 -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of hugle Sent: Sunday, December 21, 2003 6:55 AM To: freebsd-questions@freebsd.org Subject: ipfw forward alternative in IPF ? Hello all. I'm searching for alternative `ipfw forward` comamnd in ipf >From man I didn't find if there would eb any. actualy what i'm trying to do is to forward some traffic but ipnat and ipfw forward doens't work together ;) -- Best regards,Hugle
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGEEFMFBAA.fbsd_user>