Date: Sun, 14 Dec 2003 18:46:03 -0600 From: Tillman Hodgson <tillman@seekingfire.com> To: freebsd-questions@freebsd.org Subject: Re: ipnat+ipfw + 3 gateways Message-ID: <20031215004603.GT64340@seekingfire.com> In-Reply-To: <MIEPLLIBMLEEABPDBIEGEEKFFAAA.fbsd_user@a1poweruser.com> References: <20031214233809.GS64340@seekingfire.com> <MIEPLLIBMLEEABPDBIEGEEKFFAAA.fbsd_user@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 14, 2003 at 07:23:26PM -0500, fbsd_user wrote: > What do you think IPF is? That's the utility name used to load > filter rules into IPFILTER. > So you are doing just what I said. The original poster said > nothing about doing traffic shaping. > IPNAT will not function with out IPFILTER rules. At lease pass in > all on all interfaces. He listed none in his post. Unlike IPFW, IPF defaults to "open" (thus the reason for the IPFILTER_DEFAULT_BLOCK kernel option). Thus IPF won't be blocking any of the packets that IPNAT is NATing. For example, when I issue a `ipf -F a`, my IPNAT rules continue to function normally. -T -- The person who takes the banal and ordinary and illuminates it in a new way can terrify. We do not want our ideas changed. We feel threatened by such demands. "I already know the important things!" we say. Then Changer comes and throws our old ideas away. - The Zensufi Master
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031215004603.GT64340>