From owner-freebsd-ipfw@FreeBSD.ORG Sat Mar 17 16:31:35 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DBB3A106564A for ; Sat, 17 Mar 2012 16:31:35 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id 912AE8FC14 for ; Sat, 17 Mar 2012 16:31:35 +0000 (UTC) Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net [67.180.24.15]) (authenticated bits=0) by vps1.elischer.org (8.14.5/8.14.5) with ESMTP id q2HGVV6l002785 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sat, 17 Mar 2012 09:31:33 -0700 (PDT) (envelope-from julian@freebsd.org) Message-ID: <4F64BC7A.8080607@freebsd.org> Date: Sat, 17 Mar 2012 09:31:54 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.28) Gecko/20120306 Thunderbird/3.1.20 MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <4F5A161C.8060407@herveybayaustralia.com.au> <8823954.VFuFedYPUb@magi> <4F644CF4.2010004@herveybayaustralia.com.au> In-Reply-To: <4F644CF4.2010004@herveybayaustralia.com.au> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Cc: Da Rock Subject: Re: newbie IPFW user X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Mar 2012 16:31:35 -0000 On 3/17/12 1:36 AM, Da Rock wrote: > On 03/14/12 17:09, Rémy Sanchez wrote: >> On Saturday 10 March 2012 00:39:24 Da Rock wrote: >>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I >>> believe) was using 4.3. I'm now attempting to use IPFW for some tests >>> (and hopefully move to production), and I'm trying to determine how I >>> would setup binat using IPFW; or even if its possible at all. >>> >>> I've been hunting some more in depth documentation, but it appears >>> to be >>> scarce/not definitive. I suspect using the modes in libalias such as >>> "use same ports" and "reverse" might be able to do what I'm >>> looking for? >>> >>> Any clarity much appreciated. >>> _______________________________________________ >>> freebsd-ipfw@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>> To unsubscribe, send any mail to >>> "freebsd-ipfw-unsubscribe@freebsd.org" >> Well, what do you want to do with your firewall ? >> >> Because ipfw is kick-ass for QoS management, and is fairly simple >> to use in >> other tasks, but if you want to do some complex NAT, it's going to >> be a pain >> in comparison to what pf offers. >> >> Just make sure of what your main requirement is :) >> >> My 2 cents, > Bluntly put, but very accurate :) > > I want it to do something pf cant - port forward ipsec packets for > Android L2TP/IPSec. Apparently (according to pfsense experts) it is > impossible until Android 3.0 or 4.0. My next port of call will be > ipfilter, and thats a known working solution but I want to use more > robust native tools. you need to really explain what you want here.. do you want the IP packets to still have the original ports/addesses in them or do you want to have the packets untouched, but redirected? a picture helps too. > > As for being a pita - I don't know. It doesn't seem any harder to > me, could even be easier; seems to be a psychological thing. I'll > get back to you (the list) when I have achieved an outcome and let > you know. So far I haven't had to compile a new kernel, so thats a > definite plus... that could change though. More info in the next > episode ;) I've just finished wrestling with certificate > generation.... grr! It was easier last time, not sure what has been > the issue this time. > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > >