From owner-freebsd-questions@FreeBSD.ORG Sun Dec 21 05:29:03 2003
From: "fbsd_user"
To: "hugle"
Date: Sun, 21 Dec 2003 08:29:00 -0500
In-Reply-To: <19966095930.20031221035447@vkt.lt>
Subject: RE: ipfw forward alternative in IPF ?
Reply-To: fbsd_user@a1poweruser.com

Sure, ipnat and IPFW can and do play together very well.

I had problems with IPFW keep-state rules and IPFW/NATD. The Natd
function is a subroutine launched by the divert rule. I removed the
divert rule and turned off IPFW_nat in rc.conf and added
ipfilter-ipnat to rc.conf. IPFILTER defaults to pass all traffic, so
by just using ipnat all the NATing gets done outside of IPFW.
IPNAT does have forward rules.

After a while I converted all my IPFW rules to IPFILTER and got rid
of IPFW altogether. I never compile IPFW or IPFILTER into the kernel,
just let FBSD load the binary modules at boot time. I found IPFILTER
to be easier to use and configure using the 'quick' option. The only
reason to use IPFW is if you use dummynet for bandwidth control. I
know the FBSD handbook misleads the reader into believing IPFW is the
best firewall, but that is because IPFW is an internal FBSD
development project.

http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of hugle
Sent: Sunday, December 21, 2003 6:55 AM
To: freebsd-questions@freebsd.org
Subject: ipfw forward alternative in IPF ?

Hello all.

I'm searching for alternative `ipfw forward` command in ipf
From man I didn't find if there would be any.
Actually what I'm trying to do is to forward some traffic
but ipnat and ipfw forward doesn't work together ;)

--
Best regards,
Hugle
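
The end state the reply describes (natd off, no divert rule left in the IPFW ruleset, ipfilter and ipnat enabled in rc.conf) can be checked with a small script. This is an added example, not part of the original mail; it assumes the standard rc.conf variables natd_enable, ipfilter_enable, ipnat_enable and ipnat_rules, and the file names and sample contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original mail): verify that NAT was moved from
# natd/divert to ipnat. File names and sample contents are constructed.

# rc_value FILE KEY: print the last value assigned to KEY in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: succeed for the spellings rc.conf treats as "enabled".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# check_nat_migration RC_CONF IPFW_RULES: print one finding per line;
# return 0 when the move to ipnat is complete, 1 otherwise.
check_nat_migration() {
    conf=$1 ruleset=$2 bad=0
    if is_yes "$(rc_value "$conf" natd_enable)"; then
        echo "natd_enable is still on"; bad=1
    fi
    # Ignore commented-out rules; any live rule with the divert action counts.
    if grep -v '^[[:space:]]*#' "$ruleset" | grep -Eq '(^|[[:space:]])divert([[:space:]]|$)'; then
        echo "ipfw ruleset still contains a divert rule"; bad=1
    fi
    for knob in ipfilter_enable ipnat_enable; do
        if ! is_yes "$(rc_value "$conf" "$knob")"; then
            echo "$knob is not enabled"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the "after" state the reply describes.
demo=$(mktemp -d)
cat > "$demo/rc.conf" <<'EOF'
natd_enable="NO"
ipfilter_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
EOF
printf '%s\n' '# divert rule removed' 'add 100 allow ip from any to any' > "$demo/ipfw.rules"
check_nat_migration "$demo/rc.conf" "$demo/ipfw.rules" && echo "NAT is handled by ipnat only"
rm -rf "$demo"
```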