Date:      Fri,  9 Mar 2001 07:19:29 -0800 (PST)
From:      Mike Harding <mvh@ix.netcom.com>
To:        veldy@veldy.net
Cc:        arr@oceanwave.com, freebsd-stable@FreeBSD.ORG, christopher@schulte.org
Subject:   Re: 4.2-R, bridging and ipfilter
Message-ID:  <20010309151929.F412D113E04@netcom1.netcom.com>
In-Reply-To: <002f01c0a8a7$c3e9fb30$3028680a@tgt.com> (veldy@veldy.net)
References:  <5.0.2.1.0.20010308160207.02762e18@pop.schulte.org> <002f01c0a8a7$c3e9fb30$3028680a@tgt.com>


IPFILTER works great - we use it on a T1 at work for about 20 people
for NAT and transparent squid proxying and it never hiccups and there
is no noticeable load on the system.  IPFW defaults to a 5 minute
timeout on sessions, ipfilter to 5 _days_ so it behaves much more like
what people expect.  I suspect that ipfilter is used for more
'industrial strength' uses.

Also, the NAT in ipfilter is kernel based so it's quite fast.

- Mike H.

   From: "Thomas T. Veldhouse" <veldy@veldy.net>
   Date: Fri, 9 Mar 2001 08:46:43 -0600

   IPFILTER is an alternative to IPFIREWALL.  As far as I know, IPFILTER does
   not work on bridged packets -- so you can not firewall your LAN transparently
   using an IPFILTER bridge.  IPFIREWALL does filter bridged packets.  However,
   I don't believe the stateful rules processing is as robust.  I was getting
   errors about too many states and such -- so I went back to IPFILTER using
   IPNAT (using bimap).

   Tom Veldhouse
   veldy@veldy.net

   ----- Original Message -----
   From: "Christopher Schulte" <christopher@schulte.org>
   To: <arr@oceanwave.com>; <freebsd-stable@FreeBSD.ORG>
   Sent: Thursday, March 08, 2001 4:03 PM
   Subject: Re: 4.2-R, bridging and ipfilter


   > At 04:48 PM 3/8/2001 -0500, arr@oceanwave.com wrote:
   > >Has anyone gotten bridging and ipfilter to work together with 4.2-R?
   >
   > Question: do you mean IPFIREWALL and bridging?
   >
   > If so, yes.
   >
   >
   > To Unsubscribe: send mail to majordomo@FreeBSD.org
   > with "unsubscribe freebsd-stable" in the body of the message
   >







