From owner-freebsd-ipfw  Fri Feb  9 11:54:30 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from web4501.mail.yahoo.com (web4501.mail.yahoo.com [216.115.105.62])
	by hub.freebsd.org (Postfix) with SMTP id C510C37B684
	for <ipfw@FreeBSD.ORG>; Fri,  9 Feb 2001 11:54:12 -0800 (PST)
Message-ID: <20010209195412.27578.qmail@web4501.mail.yahoo.com>
Received: from [199.207.255.50] by web4501.mail.yahoo.com; Fri, 09 Feb 2001 11:54:12 PST
Date: Fri, 9 Feb 2001 11:54:12 -0800 (PST)
From: Jon <cykyc@yahoo.com>
Reply-To: cykyc@yahoo.com
Subject: Re: FreeBSD Application firewall w/o ip forwarding enabled
To: Luigi Rizzo <rizzo@aciri.org>
Cc: ipfw@FreeBSD.ORG
In-Reply-To: <200102091844.f19Iifg06092@iguana.aciri.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> use that (i assume the reason you do not want
> forwarding
> is to avoid remapping addrsses ?)

It's not to avoid remapping addresses, but to try and
use the firewall as an application firewall instead of
a packet filter firewall.  The running application on
the firewall would be in charge of receiving whatever
type of information on the external interface and then
redirecting it to the internal interface, instead of
simple NAT'n and IP forwarding, which is at the
network level.
 
> see http://www.iet.unipi.it/~luigi/ip_dummynet/
> 
> and the bridge and ipfw manpages
> 
> 	cheers
> 	luigi


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message