From owner-freebsd-questions@FreeBSD.ORG  Sun Dec 14 15:38:13 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3981716A4CF
	for <freebsd-questions@freebsd.org>;
	Sun, 14 Dec 2003 15:38:13 -0800 (PST)
Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DC73343D36
	for <freebsd-questions@freebsd.org>;
	Sun, 14 Dec 2003 15:38:10 -0800 (PST)
	(envelope-from tillman@seekingfire.com)
Received: by mail.seekingfire.com (Postfix, from userid 500)
	id 2A6AE123; Sun, 14 Dec 2003 17:38:10 -0600 (CST)
Date: Sun, 14 Dec 2003 17:38:10 -0600
From: Tillman Hodgson <tillman@seekingfire.com>
To: freebsd-questions@freebsd.org
Message-ID: <20031214233809.GS64340@seekingfire.com>
References: <1120787753.20031215004154@vkt.lt>
	<MIEPLLIBMLEEABPDBIEGGEKCFAAA.fbsd_user@a1poweruser.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <MIEPLLIBMLEEABPDBIEGGEKCFAAA.fbsd_user@a1poweruser.com>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
X-GPG-Key-ID: 828AFC7B
X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68  F543 0F0A 7FBC 828A FC7B
X-GPG-Key: http://www.seekingfire.com/gpg_key.asc
X-Urban-Legend: There is lots of hidden information in headers
User-Agent: Mutt/1.5.5.1i
Subject: Re: ipnat+ipfw  + 3 gateways
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Dec 2003 23:38:13 -0000

On Sun, Dec 14, 2003 at 06:01:08PM -0500, fbsd_user wrote:
> I think you are confused. IPNAT is part of ipfilter firewall  and
> IPFW is an different firewall who has his own NATD function. You can
> not use one part from one and the other part from the other one.
> They work as an set,  IPNAT/IPFILTER or IPFW/NATD. Your best bet is
> to use IPNAT and it's firewall IPFILTER.

Not necessarily true. I'm using IPF for packet filtering, IPNAT for NAT,
and IPFW for traffic shaping on the same firewall.

The order that a packet is mangled becomes important, but that's solved
simply by being careful when designing the firewall.

-T


-- 
Draw bamboos for ten years, become a bamboo, then forget all about bamboos
when you are drawing.
	Georges Duthuit