From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 18 19:26:47 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D50D8106564A for ; Mon, 18 Jul 2011 19:26:47 +0000 (UTC) (envelope-from gregoire.leroy@hyperthese.net) Received: from slow3-v.mail.gandi.net (slow3-v.mail.gandi.net [217.70.178.89]) by mx1.freebsd.org (Postfix) with ESMTP id 714B08FC29 for ; Mon, 18 Jul 2011 19:26:47 +0000 (UTC) X-WhiteListed: mail was accepted with no delay X-WhiteListed: mail was accepted with no delay Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by slow3-v.mail.gandi.net (Postfix) with ESMTP id 0C828863B7 for ; Mon, 18 Jul 2011 21:10:11 +0200 (CEST) X-Originating-IP: 217.70.178.137 Received: from mfilter8-d.gandi.net (mfilter8-d.gandi.net [217.70.178.137]) by relay3-d.mail.gandi.net (Postfix) with ESMTP id 1B836A807C for ; Mon, 18 Jul 2011 21:10:00 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mfilter8-d.gandi.net Received: from relay3-d.mail.gandi.net ([217.70.183.195]) by mfilter8-d.gandi.net (mfilter8-d.gandi.net [10.0.15.180]) (amavisd-new, port 10024) with ESMTP id cio4ij5NEwXi for ; Mon, 18 Jul 2011 21:09:58 +0200 (CEST) X-Originating-IP: 90.47.25.8 Received: from rena.localnet (ALille-258-1-34-8.w90-47.abo.wanadoo.fr [90.47.25.8]) (Authenticated sender: lupuscramus@hyperthese.net) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 0A61DA8081 for ; Mon, 18 Jul 2011 21:09:57 +0200 (CEST) From: =?iso-8859-1?q?Gr=E9goire_Leroy?= To: freebsd-ipfw@freebsd.org Date: Mon, 18 Jul 2011 21:09:53 +0200 User-Agent: KMail/1.13.7 (Linux/2.6.39-2-amd64; KDE/4.6.4; x86_64; ; ) References: In-Reply-To: X-KMail-Markup: true MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2548024.6gXXzlguxe"; protocol="application/pgp-signature"; micalg=pgp-sha256 Content-Transfer-Encoding: 7bit Message-Id: <201107182109.57593.gregoire.leroy@hyperthese.net> X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: FW: ipfw and nat problem X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2011 19:26:47 -0000 --nextPart2548024.6gXXzlguxe Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, > >I just cant seem to understand in and out. > >Does in mean INTO the BOX or into the specific interface what happens if > >you don=B9t specify an interface when u say in or out? > >OR does in mean into the internal network from outside or just into the > >box? in and out are filters, like from and to. If you don't specify the interfac= e,=20 it'll match all packets which go into the box (or go out, for out). If you specify an interface, it'll be more precise. Example : # In and out packets which go through outgoing interface from any to any via oif # idem, but in packets only from any to any in via oif # out packets through all interfaces from any to any out Regards, Gr=E9goire Leroy --nextPart2548024.6gXXzlguxe Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EABEIAAYFAk4khQEACgkQB3Y8MwGKx1dbFAD9F2UsSGuWSqyDAMaDXCZF5pOG Sv8p0hqDD29EwZ1rug8BAIqdshUcCJMHZsq/vYsPV06AEJGsdhk4KCtkBB2+YyeR =f5gw -----END PGP SIGNATURE----- --nextPart2548024.6gXXzlguxe--