From owner-freebsd-questions Sun Apr 1 21:57:32 2001 Delivered-To: freebsd-questions@freebsd.org Received: from matrix.dynamic-cast.com (r175-5-dsl.sea.lightrealm.net [216.122.5.175]) by hub.freebsd.org (Postfix) with ESMTP id 4755437B71E for ; Sun, 1 Apr 2001 21:57:29 -0700 (PDT) (envelope-from herveyw@dynamic-cast.com) Received: from chillipepper (chillipepper.dynamic-cast.com [192.168.1.1]) by matrix.dynamic-cast.com (8.11.1/8.11.1) with SMTP id f324vSp28701 for ; Sun, 1 Apr 2001 21:57:28 -0700 (PDT) (envelope-from herveyw@dynamic-cast.com) Message-ID: <00db01c0bb31$78966e10$0101a8c0@chillipepper> From: "Hervey Wilson" To: "FreeBSD Questions" Subject: ipfw vs. ipfilter Date: Sun, 1 Apr 2001 21:57:51 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Being new to FreeBSD and needing a firewall and NAT, I'm presently using ipfw and natd. I've also been looking at some of the documentation for ipfilter and ipnat (in particular the ipf-howto @ obfuscation.org). Having been through the documentation for both it's not clear to me whether I should consider switching over to ipfilter. One specific requirement I have is that the NAT services can support the GRE protocol needed for MS-PPTP tunneling - this works nicely right now with natd. Does anyone have any comments on this topic that might shed some light on which method is best under different circumstances ? Is ipfilter the "next generation" packet filter technology like ipchains (now iptables) was on Linux ? Or are they just different ways of achieving the same thing ? Thanks in advance, Hervey. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message