Date: Thu, 3 Aug 2006 08:29:47 -0700 (PDT) From: "Freddie Cash" <fcash@ocis.net> To: current@freebsd.org Subject: Re: ipfw output FWD broken on 6.1 and newer? Message-ID: <59004.192.168.0.10.1154618987.squirrel@webmail.sd73.bc.ca> In-Reply-To: <44D1473F.1000204@elischer.org> References: <44D1473F.1000204@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, August 2, 2006 5:45 pm, Julian Elischer wrote: > I haven't tried 7.x yet but has anyone seen > the FWD command of ipfw running on 6.1? > > or anyone know of problems with it that may have been fixed on > -current? It's working fine for us here. Been using the same kernel config file (with the needed changes from 4.x to 5.x to 6.x) and ruleset on our firewalls. They started life as FreeBSD 4.2 boxes, were upgraded through to 4.11, and then re-installed with 6.0 and finally upgraded to 6.1. The kernel config section for our firewall kernels is just: # Firewall options options IPSTEALTH options IPDIVERT options DUMMYNET options IPFIREWALL options IPFIREWALL_FORWARD options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=500 options IPFIREWALL_DEFAULT_TO_ACCEPT We used fwd rules a lot for our VPN links between schools, and a couple of sites use them for trasparent proxying using squid+dansguardian. Haven't had any issues so far. We've never included the _EXTENDED option, nor really seen a need for it (or a problem without it). HTH, ---- Freddie Cash fcash@ocis.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?59004.192.168.0.10.1154618987.squirrel>