From: Scott Ballantyne
Date: 14 Sep 2003 19:10:59 -0000
Message-ID: <20030914191059.21983.qmail@ssr.com>
To: freebsd-questions@freebsd.org
Subject: Re: firewall

"fbsd_user" writes:

> I know that the FBSD handbook gives the reader the impression that
> IPFW is the only firewall available to FBSD, but that is a false
> impression. FBSD has IPFILTER which is also a built in firewall.

PF is also in ports, which is interesting. That's appealing because it provides an option to use tables rather than lists. I've heard good things about IPF.

> like IPFW and the netbsd firewall IPF has been ported to FBSD so
> there are other options. I have used both IPFW and IPFILTER, IPFW's keep
> state rules do not function correctly on a DSL or cable internet
> connection, it has just been upgraded in FBSD 5.2 with a lot of fluff
> that does nothing but confuses the general user.

I'm interested to hear what the problem is with IPFW and keep-state, they have been working fine here, as far as I can tell.

I have never used IPFW with ppp, but it looks like the original poster needs to provide a natd_interface, so that a divert rule gets enabled. Note that all the addresses he uses on his LAN were RFC1918 ones.

sdb
--
sdb@ssr.com