From owner-freebsd-questions  Sat Jan  8 10:50:37 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by hub.freebsd.org (Postfix) with ESMTP id 0E75F15B4E
	for <freebsd-questions@FreeBSD.ORG>; Sat,  8 Jan 2000 10:50:34 -0800 (PST)
	(envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id NAA04387;
	Sat, 8 Jan 2000 13:55:00 -0500 (EST)
	(envelope-from cjc)
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
Message-Id: <200001081855.NAA04387@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: ipfw, natd, dummynet, & PPPoE.
In-Reply-To: <88256860.000494D7.00@notes.or.regence.com> from Robert A Clarks at "Jan 7, 2000 04:48:33 pm"
To: raclark@regence.com (Robert A Clarks)
Date: Sat, 8 Jan 2000 13:55:00 -0500 (EST)
Cc: freebsd-questions@FreeBSD.ORG
Reply-To: cjclark@home.com
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Robert A Clarks wrote,
> I'll be building a system to act as my firewall / proxy / router between ADSL
> and my home network.
> 
> I'll be using an old 440BX based motherboard with a 225Mhz Pentium processor,
> and two Pro100+ NICs. (32MB RAM, 5.1GB IDE HD, IDE CDROM)
> 
> What version of the OS should I use? 3.4R?

3.4-RELEASE or the latest 3.4-STABLE.

> Is there a document that describes the interaction between ipfw and natd?
> I want to understand how they relate before I attempt to use them.

They really do not "interact" all that much. All you need to know is:

   1. Any packet starts into IPFW in the usual manner.

   2. It flows through the rules in its original state until it is
      passed, dropped, etc., or diverted to NATd.

   3. NATd then receives the packet and does what ever it is going to
      do to the packet.

=> 4. The packet, now modified by NATd, then re-enters the IPFW rule
      list at the rule following where it was diverted.
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   5. The modified packet then flows down the IPFW rules normally.

As I have pointed out, item (4) is the one people sometimes get
confused about.

Hope that's what you were asking. HTH.
-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message