Date: Thu, 1 May 2003 10:46:22 -0400
From: Guy Middleton
To: freebsd-security@freebsd.org
Message-ID: <20030501104614.A29056@chaos.obstruction.com>
References: <20030430190040.A78C937B407@hub.freebsd.org> <1051788543.641.31.camel@thoreau.sohotech.ca>
In-Reply-To: <1051788543.641.31.camel@thoreau.sohotech.ca>; from vmsmith@grokking.org on Thu, May 01, 2003 at 07:29:04AM -0400
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?

Thanks to everybody for the suggestions, I'll try them this weekend.

The discussion brings up a question:

Until now (and as recommended in the Handbook), I have been using ipfw and natd. Everybody here who has IPSec client passthrough working seems to use ipf/ipnat. Is ipf/ipnat more flexible? And why is there more than one firewalling scheme in FreeBSD?