Date:      Tue, 11 Aug 1998 16:02:15 -0700 (PDT)
From:      Julian Elischer <julian@whistle.com>
To:        Dan Langille <junkmale@xtra.co.nz>
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ipfw and natd
Message-ID:  <Pine.BSF.3.95.980811155955.29188C-100000@current1.whistle.com>
In-Reply-To: <199808112247.KAA07516@cyclops.xtra.co.nz>

the difference is what happens to packets after translation....


under 2.2.5 they are restarted after translation at the beginning of the
filter again, but skipping the translation the second time through.

under 3.0 they re-enter the filter directly after the translation entry.
(where they left off)

if the translation entry is at the start, then the two cases are
equivalent.. :-)

(there is a kernel option in 2.2.7 to make it use the 3.0 semantics)

julian



On Wed, 12 Aug 1998, Dan Langille wrote:

> Thanks for the reply.
> 
> I take it that it does not make a difference under 2.2.5 or later?  If it 
> does, what difference?  What difference will it make under 3.0?
> 
> On 11 Aug 98, at 15:38, Julian Elischer wrote:
> 
> > it should be as early as possible..
> > this will make a difference to the way it works in 3.0
> > 
> > julian
> > 
> > 
> > On Tue, 11 Aug 1998, Dan Langille wrote:
> > 
> > > I'm using ipfw and natd.  In order for natd to work, the following rule
> > > must be present somewhere within the ipfw rules.
> > > 
> > > divert    natd ip   from any              to any           via ed0
> > > 
> > > (or whatever your external nic is if it's not ed0).
> > > 
> > > Where should that rule be placed in relationship to other rules?  At the
> > > top, at the bottom?
> > > 
> > > I used to have it as the last rule (before the deny all rule).  But an
> > > example I just found
> > > (http://www.metronet.com/~pgilley/freebsd/ipfw/ben2.html) has this rule
> > > at the top.
> > > 
> > > I'm confused.  I thought you'd want to disallow stuff before allowing
> > > the natd stuff.  Or am I mucked up?
> > > 
> > > --
> > > Dan Langille
> > > DVL Software Limited
> > > http://www.dvl-software.com/freebsd : my [mis]adventures
> > > 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> > > 
> > 
> 
> 
> 
> --
> Dan Langille
> DVL Software Limited
> http://www.dvl-software.com/freebsd : my [mis]adventures
> 
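
Added example (not part of the original e-mails, and not FreeBSD code): a small model of the two behaviours described above, "restart at the beginning, skipping the divert" for 2.2.5 and "resume after the divert rule" for 3.0. The rulesets, addresses and NAT table are constructed, rules match on destination address only, and a single divert rule is assumed.

```python
import ipaddress

# Constructed rulesets: (rule number, action, destination network matched).
RULES_DIVERT_LATE = [
    (100, "deny", "192.168.0.0/16"),   # drop packets addressed to the inside net
    (200, "divert", "0.0.0.0/0"),      # hand the packet to natd
    (300, "allow", "0.0.0.0/0"),
]
RULES_DIVERT_FIRST = [
    (100, "divert", "0.0.0.0/0"),
    (200, "deny", "192.168.0.0/16"),
    (300, "allow", "0.0.0.0/0"),
]

# Constructed translation: public address -> inside host.
NAT_TABLE = {"203.0.113.5": "192.168.1.10"}


def walk(rules, dst, start=0, skip_divert=False):
    """Return (action, rule number, index) of the first matching rule."""
    for i in range(start, len(rules)):
        num, action, net = rules[i]
        if action == "divert" and skip_divert:
            continue
        if ipaddress.ip_address(dst) in ipaddress.ip_network(net):
            return action, num, i
    return "deny", 65535, len(rules)  # final deny-all rule


def filter_packet(rules, dst, semantics):
    """semantics: 'restart' (2.2.5 as described) or 'resume' (3.0 as described)."""
    action, num, i = walk(rules, dst)
    if action != "divert":
        return action, num
    dst = NAT_TABLE.get(dst, dst)  # translation rewrites the destination
    if semantics == "restart":
        # Back to the first rule with the translated packet, divert skipped.
        action, num, _ = walk(rules, dst, start=0, skip_divert=True)
    else:
        # Continue with the rule directly after the divert entry.
        action, num, _ = walk(rules, dst, start=i + 1)
    return action, num


if __name__ == "__main__":
    for name, rules in (("divert late", RULES_DIVERT_LATE),
                        ("divert first", RULES_DIVERT_FIRST)):
        for sem in ("restart", "resume"):
            print(name, sem, filter_packet(rules, "203.0.113.5", sem))
```

With the divert rule after the deny, the two semantics give different verdicts for the same packet; with the divert rule first, they agree.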




