Date: Sat, 8 Jan 2000 22:00:20 +0200
From: Ruslan Ermilov
To: cjclark@home.com
Cc: Robert A Clarks, freebsd-questions@FreeBSD.org
Subject: Re: ipfw, natd, dummynet, & PPPoE.
Message-ID: <20000108220020.A7623@relay.ucb.crimea.ua>
References: <88256860.000494D7.00@notes.or.regence.com> <200001081855.NAA04387@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <200001081855.NAA04387@cc942873-a.ewndsr1.nj.home.com>; from Crist J. Clark on Sat, Jan 08, 2000 at 01:55:00PM -0500

On Sat, Jan 08, 2000 at 01:55:00PM -0500, Crist J. Clark wrote:
> Robert A Clarks wrote,
> > I'll be building a system to act as my firewall / proxy / router between ADSL
> > and my home network.
> >
> > I'll be using an old 440BX based motherboard with a 225Mhz Pentium processor,
> > and two Pro100+ NICs. (32MB RAM, 5.1GB IDE HD, IDE CDROM)
> >
> > What version of the OS should I use? 3.4R?
>
> 3.4-RELEASE or the latest 3.4-STABLE.
>
> > Is there a document that describes the interaction between ipfw and natd?
> > I want to understand how they relate before I attempt to use them.
>
> They really do not "interact" all that much. All you need to know is:
>
>    1. Any packet starts into IPFW in the usual manner.
>
>    2. It flows through the rules in its original state until it is
>       passed, dropped, etc., or diverted to NATd.
>
>    3. NATd then receives the packet and does whatever it is going to
>       do to the packet.
>
> => 4. The packet, now modified by NATd, then re-enters the IPFW rule
>       list at the rule following where it was diverted.
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Umm, not exactly, see section LOOP AVOIDANCE of the divert(4) manpage.

>    5. The modified packet then flows down the IPFW rules normally.
>
> As I have pointed out, item (4) is the one people sometimes get
> confused about.
>
> Hope that's what you were asking. HTH.
> --
> Crist J. Clark                           cjclark@home.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
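Added example, not part of the original message or of FreeBSD's code: a toy Python model of the re-entry point discussed in item 4. It assumes the behaviour documented in divert(4) LOOP AVOIDANCE, namely that a packet written back by natd resumes at the first rule whose number is greater than the tag it carries, so other rules sharing the divert rule's number are skipped; the ruleset, interface name and addresses are constructed.

```python
# Toy model of ipfw rule traversal around a divert rule (constructed ruleset).
# Assumption taken from divert(4) LOOP AVOIDANCE: a re-injected packet resumes
# at the first rule whose NUMBER is greater than its tag.

RULES = [  # (number, action, match predicate): constructed sample ruleset
    (100, "divert", lambda p: p["out_if"] == "fxp0"),
    (100, "deny", lambda p: True),  # same number as the divert rule
    (200, "allow", lambda p: p["src"] == "203.0.113.5"),
    (65535, "deny", lambda p: True),
]


def natd(pkt):
    """Stand-in for natd: rewrite the private source to the public address."""
    return dict(pkt, src="203.0.113.5")


def ipfw(pkt, retag=None, max_diverts=3):
    """Return (verdict, trace) for one packet.

    retag overrides the tag written back with the packet; None keeps the
    number of the rule that diverted it. A tag of 0 restarts at the top.
    """
    trace, skipto, diverts = [], 0, 0
    while True:
        for number, action, match in RULES:
            if number <= skipto or not match(pkt):
                continue
            trace.append((number, action, pkt["src"]))
            if action != "divert":
                return action, trace
            diverts += 1
            if diverts > max_diverts:  # same rule keeps diverting the packet
                return "loop", trace
            pkt = natd(pkt)
            skipto = number if retag is None else retag
            break  # re-inject: rescan, skipping rule numbers <= skipto
        else:
            return "deny", trace  # tag pointed past every rule


if __name__ == "__main__":
    sample = {"src": "192.168.1.10", "out_if": "fxp0"}  # constructed packet
    print(ipfw(sample))           # second rule 100 is never evaluated
    print(ipfw(sample, retag=0))  # altered tag: diverted again and again
```

With the default tag the catch-all deny at number 100 is never consulted after translation, which is why filtering rules meant to see translated packets need a higher number than the divert rule.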