From: "fbsd_user"
To: "Michael Lopez"
Date: Sun, 7 Dec 2003 10:02:45 -0500
Subject: RE: ipfw + natd + ppp
List-Id: IPFW Technical Discussions

FYI: IPFW and stateful rules have a long-time bug when used with IPFW's built-in NATD function. User ppp has its own NAT function. You are much better off using User ppp and its built-in NAT function and IPFW without the divert rule.

On the other hand, FBSD also has a second firewall called IPFILTER and it has its own NAT function called IPNAT. Both IPFW and IPFILTER come embedded in FBSD as part of the install.

IPFW is authored by the FBSD project and as such it gets unfair preferred treatment in the FBSD handbook.
The handbook leads the reader into believing IPFW is the only firewall FBSD has to offer. IPFW is targeted at the professional and the home power user, not the newbie. IPFW is loaded with code bloat and is getting worse now that it has been rewritten as IPFW2, and the bug was not fixed because it's in the NATD module and that was not rewritten. IPFW is not user friendly, and IPFILTER is much more user friendly and its stateful rules work without any problems. People who are members of the IPFW maintenance team tell me the NATD module code is a can of worms and nobody wants to touch it.

If you decide to use IPFILTER I can point you to a very good how-to.

And as a side note, in FBSD 4.9 the ports collection has a new port added for the IPF firewall. So you really have 3 choices of firewall software. I have not tested the IPF port so I have no comments on it yet.

-----Original Message-----
From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Michael Lopez
Sent: Sunday, December 07, 2003 12:19 AM
To: freebsd-ipfw@freebsd.org
Subject: ipfw + natd + ppp

Hello all,

I was wondering if you guys have a good URL for ipfw + ppp (dial up) + natd for private network (exp: 192.168.0.0) tutorials or resources? I tried to search at google.com/bsd but can hardly find a good one for dial up (also tried freebsd.org; defcon.org; freebsddiaries; freebsdhowtos).

Thank you.