From: Sam Carleton <scarleton@miltonstreet.com> To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: ipfw is not working Message-ID: <38CA9F0F.8A8F89F5@miltonstreet.com> References: <38C9D32F.E8F2254A@miltonstreet.com> <20000311123542.B23514@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Crist J. Clark" wrote: > On Sat, Mar 11, 2000 at 12:02:36AM -0500, Sam Carleton wrote: > > I am working on building a firewall script. First off, I have a > > ipchains script that is working fine in Linux, is there some way to > > eaily convert that over to ipfw? > > As long as you have not built any custom chains, I think ipchains > rules can be converted to ipfw rules in a one-to-one manner (they are > both stateless packet filters) for a firewall that does not do NAT. > I'm not sure what happens when you start doing NAT (or as Linux calls > it, IP masquerading). Wait a second here. My understanding is that NAT and IP Masquerading are different. From my understanding, with IP Masq there only needs to be one valid IP address, that on the external card of the firewall. With IP Masq gives all out going requests the one external IP address. With NAT, there needs to be one external IP address for every machine that wants to get to the Internet. Considering most folks at home only have one external IP address, they would want to use IP Masq. I have also heard IP Masq called PAT. Looking at page 506 of the 3rd edition of "The Complete FreeBSD", it looks like FreeBSD uses the terminology IP aliasing for what Linux folks call IP Masq. Am I correct? > > EXTERNAL_INTERFACE="ep0" # whichever you use > > LOOPBACK_INTERFACE="lo0" > > LOCAL_INTERFACE_1="ex0" # whichever you use > > If that makes it more clear to you... but that's a lot of typing. ;) I am big on CUT&PASTE:) > You mispelled '$fwcmd' as '$fwcmn'. Soemtimes I feel like a complete fool:) Thanks! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38CA9F0F.8A8F89F5>