From: Sam Carleton
To: FreeBSD Questions
Subject: Re: ipfw is not working
Date: Sat, 11 Mar 2000 14:32:46 -0500

"Crist J. Clark" wrote:

> On Sat, Mar 11, 2000 at 12:02:36AM -0500, Sam Carleton wrote:
> > I am working on building a firewall script. First off, I have an
> > ipchains script that is working fine in Linux, is there some way to
> > easily convert that over to ipfw?
>
> As long as you have not built any custom chains, I think ipchains
> rules can be converted to ipfw rules in a one-to-one manner (they are
> both stateless packet filters) for a firewall that does not do NAT.
> I'm not sure what happens when you start doing NAT (or as Linux calls
> it, IP masquerading).

Wait a second here. My understanding is that NAT and IP Masquerading are
different. From my understanding, with IP Masq there only needs to be
one valid IP address, that on the external card of the firewall. IP Masq
gives all outgoing requests the one external IP address. With NAT, there
needs to be one external IP address for every machine that wants to get
to the Internet. Considering most folks at home only have one external
IP address, they would want to use IP Masq. I have also heard IP Masq
called PAT. Looking at page 506 of the 3rd edition of "The Complete
FreeBSD", it looks like FreeBSD uses the terminology IP aliasing for
what Linux folks call IP Masq. Am I correct?

> > EXTERNAL_INTERFACE="ep0"   # whichever you use
> > LOOPBACK_INTERFACE="lo0"
> > LOCAL_INTERFACE_1="ex0"    # whichever you use
>
> If that makes it more clear to you... but that's a lot of typing. ;)

I am big on CUT&PASTE:)

> You misspelled '$fwcmd' as '$fwcmn'.

Sometimes I feel like a complete fool:) Thanks!