From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun  2 21:51:48 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 59DE416A4CE
	for <freebsd-ipfw@freebsd.org>; Wed,  2 Jun 2004 21:51:48 -0700 (PDT)
Received: from mail5.speakeasy.net (mail5.speakeasy.net [216.254.0.205])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2F98643D5A
	for <freebsd-ipfw@freebsd.org>; Wed,  2 Jun 2004 21:51:48 -0700 (PDT)
	(envelope-from freebsd-ipfw.20.openmacews@spamgourmet.com)
Received: (qmail 21699 invoked from network); 3 Jun 2004 04:51:47 -0000
Received: from ns1.presence-group.net (HELO [172.30.11.6])
	(blakers@[216.27.177.134])
	<freebsd-ipfw.20.openmacews@spamgourmet.com>)encrypted SMTP
	for <freebsd-ipfw@freebsd.org>; 3 Jun 2004 04:51:47 -0000
Date: Wed, 02 Jun 2004 21:51:45 -0700
From: OpenMacNews <freebsd-ipfw.20.openmacews@spamgourmet.com>
To: freebsd-ipfw <freebsd-ipfw@freebsd.org>
Message-ID: <92234AFA11C59EC7B7F8B9F3@[172.30.11.6]>
In-Reply-To: <20040602214301.A55108@xorpc.icir.org>
References: <00f901c44910$50cfb330$6466a8c0@wolf>
	<MIEPLLIBMLEEABPDBIEGKEHBGAAA.Barbish3@adelphia.net>
	<20040602214301.A55108@xorpc.icir.org>
X-Mailer: Mulberry/3.1.5 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
cc: Luigi Rizzo <rizzo@icir.org>
Subject: Re: does NATd _prevent_ use of stateful ipfw rules w/ keep-state?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: OpenMacNews <freebsd-ipfw.20.openmacews@spamgourmet.com>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jun 2004 04:51:48 -0000

> and given that there are alternatives packet filters,
> i suggest people to use them if they are not happy with the
> performance of natd or the complexity of writing a working
> configuration with belt and suspenders

for *BSD, yes there are other options ...

just fyi, ipfw is the only available in-kernel option on OSX (I'm also implementing there as well).  rumor has it that Apple is considering a move to ipfw2, but for now that's all there is.

but i'm happy to learn/work through getting it done w/ natd, etc. per your suggestion.  hence, my _still_open_ questions to this list ...

richard