Date: Thu, 4 May 2006 17:09:30 +0300 From: vladone <vladone@spaingsm.com> To: ipfw@freebsd.org Subject: Re[2]: Pipes. Message-ID: <864442146.20060504170930@spaingsm.com> In-Reply-To: <20060503170659.6b086e49@giboia> References: <20060427164741.5f657901@giboia> <1129312329.20060428180201@spaingsm.com> <20060428165726.2fe9ceb9@giboia> <321737321.20060429153542@spaingsm.com> <20060503170659.6b086e49@giboia>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Gilberto, Wednesday, May 3, 2006, 11:06:59 PM, you wrote: > Helo Vladone, > I tested your rule, but it didn't work. > I maked some tests and I think discovery the problem, but not the solution. > I have my servers (DNS, www, e-mail and etc) in DMZ thought PF. When I use > pipes in ipfw, the redirects for my servers don't work, but the nat to my > internal network (10.0.0.0/24) works. > I belive this rule is a incompatible with rdr from PF. > Gilberto > On Sat, 29 Apr 2006 15:35:42 +0300 > vladone <vladone@spaingsm.com> wrote: I dont have experience with PF but i think that is not a good idea to put toghether PF and ipfw, simply because doing same job. If u use pf, packets will be checked with pf and ipfw twice, so effects are impredictible. Use only ipfw with dummynet. For port forwarding u have simple options to do that in natd. If u want to use PF, then for traffic shaping need to use ALTQ, that is a little more complicate. Some time ago, i work with an combination PF+IPFW in this situation: - PF used only for NAT - ipfw used only for shaping but isn't recommended. Best regards, vladone mailto:vladone@spaingsm.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?864442146.20060504170930>