From owner-freebsd-config@FreeBSD.ORG  Tue Mar  2 10:20:35 2004
Return-Path: <owner-freebsd-config@FreeBSD.ORG>
Delivered-To: freebsd-config@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BBB3816A4CE
	for <freebsd-config@freebsd.org>;
	Tue,  2 Mar 2004 10:20:35 -0800 (PST)
Received: from andrej.mine.nu (catv-d5deb846.catv.broadband.hu
	[213.222.184.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C776A43D3F
	for <freebsd-config@freebsd.org>;
	Tue,  2 Mar 2004 10:20:34 -0800 (PST)
	(envelope-from andras@webmedia.hu)
Received: from webmedia.hu (unknown [192.168.0.1])
	by andrej.mine.nu (Postfix) with ESMTP id D40A41BA1F
	for <freebsd-config@freebsd.org>;
	Tue,  2 Mar 2004 19:22:04 +0100 (CET)
Message-ID: <4044D07E.5090601@webmedia.hu>
Date: Tue, 02 Mar 2004 19:20:46 +0100
From: Andras Got <andras@webmedia.hu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7a) Gecko/20040219
X-Accept-Language: hu, en-us, en
MIME-Version: 1.0
To: freebsd-config@freebsd.org
References: <4044CBA0.8090403@stupar.homelinux.net>
In-Reply-To: <4044CBA0.8090403@stupar.homelinux.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Converting iptables to ipfw
X-BeenThere: freebsd-config@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Installation and Configuration <freebsd-config.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-config>,
	<mailto:freebsd-config-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-config>
List-Post: <mailto:freebsd-config@freebsd.org>
List-Help: <mailto:freebsd-config-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-config>,
	<mailto:freebsd-config-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2004 18:20:35 -0000

Hi!

All the below mentioned works. I think you should use ipf for packet 
filtering, and ipnat for NAT.

For /etc/ipnat.rules, the basic is:
map $inet_iface $lan_mask -> 0/32
$lan_mask= x.x.x.x/y (netmask)

For /etc/ipf.rules:
http://www.obfuscation.org/ipf/ipf-howto.html

With many examples and tricks also.

Andrej

Sasa Stupar wrote:

> Hi!
> 
> I am thinking to change my old linux router to the freebsd one. The 
> question is: how difficult is to convert iptables into ipfw rules?
> I need some basic things with that router:
> - internet gateway for LAN users
> - packet filtering with MAC/IP address filtering
> - port forwarding
> - NAT onto same network so that LAN users can access web server which is 
> on the LAN also
> 
> Is this all possible with ipfw?
> 
> Regards,
> Sasa
> _______________________________________________
> freebsd-config@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-config
> To unsubscribe, send any mail to "freebsd-config-unsubscribe@freebsd.org"
>