Date:      Fri, 15 Feb 2002 10:20:39 -0600 (CST)
From:      Chris Dillon <cdillon@wolves.k12.mo.us>
To:        "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
Cc:        Michael Sierchio <kudzu@tenebras.com>, Luigi Rizzo <rizzo@icir.org>, <freebsd-ipfw@FreeBSD.ORG>, <freebsd-net@FreeBSD.ORG>
Subject:   Re: Bug in stateful code?
Message-ID:  <Pine.BSF.4.32.0202151003240.92211-100000@mail.wolves.k12.mo.us>
In-Reply-To: <5.1.0.14.0.20020214221354.01c37da0@mail.drwilco.net>

On Thu, 14 Feb 2002, Rogier R. Mulhuijzen wrote:

> I have personally looked at natd & stateful ipfw rules, and have
> concluded that it is logically impossible to get it to work.
>
> Thus I made an ipfw rulelist that utilizes the statefulness of
> natd. I hope this helps you in making your own rulelist.

If you have the luxury of having more than one IP address available
for the outside interface, you can dedicate one address to natd's use,
and the other to the host machine.  Use -deny_incoming on natd, and
use whatever rules you want, including stateful, on the non-NAT
address.  This is what I've done and it works fine.

--
 Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
 FreeBSD: The fastest and most stable server OS on the planet
 - Available for IA32 (Intel x86) and Alpha architectures
 - IA64, PowerPC, UltraSPARC, and ARM architectures under development
 - http://www.freebsd.org
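
The two-address layout described in the reply above, written out as a dry-run script. This is an added example, not part of the original message or of the rulelist mentioned in the quoted text. The interface names, all addresses, the rule numbers and the inbound SSH rule are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: dry-run generator for the two-address layout.
# Every value below is constructed for illustration.
OIF="fxp0"                # outside interface (assumed name)
IIF="fxp1"                # inside interface (assumed name)
HOST_IP="192.0.2.10"      # outside address kept for the host itself
NAT_IP="192.0.2.11"       # outside address dedicated to natd
INSIDE_NET="10.0.0.0/24"  # inside network that natd translates

# Print the natd invocation and the ipfw commands; nothing is applied.
ruleset() {
    cat <<EOF
natd -alias_address ${NAT_IP} -deny_incoming
ipfw add 100 allow ip from any to any via lo0
# Packets that natd re-injects resume after the divert rule, so this
# only drops untranslated outside packets aimed at inside addresses.
ipfw add 150 deny ip from any to ${INSIDE_NET} in via ${OIF}
# Only the NAT address and the inside network ever reach natd.
ipfw add 200 divert natd ip from any to ${NAT_IP} in via ${OIF}
ipfw add 210 divert natd ip from ${INSIDE_NET} to any out via ${OIF}
# Translated flows: natd's alias table plus -deny_incoming is the state.
ipfw add 300 allow ip from ${NAT_IP} to any out via ${OIF}
ipfw add 310 allow ip from any to ${INSIDE_NET} in via ${OIF}
# Host address: ordinary stateful rules, never diverted.
ipfw add 400 check-state
ipfw add 410 allow tcp from ${HOST_IP} to any out via ${OIF} setup keep-state
ipfw add 420 allow udp from ${HOST_IP} to any out via ${OIF} keep-state
ipfw add 430 allow tcp from any to ${HOST_IP} 22 in via ${OIF} setup keep-state
ipfw add 500 allow ip from any to any via ${IIF}
ipfw add 65000 deny log ip from any to any
EOF
}

ruleset
```

On a FreeBSD gateway the printed lines can be reviewed and then run as root; `divert natd` relies on the `natd` divert port entry in /etc/services.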
