From: "V. M. Smith"
Date: Thu, 1 May 2003 15:32:51 -0400
Subject: RE: how to configure a FreeBSD firewall to pass IPSec?
Message-ID: <7931E2E61A63FB4D9F0DECE73E05C636D227@conrad.sohotech.ca>

Guy:

FWIW, I tried ipfw/natd a few weeks ago but couldn't seem to get it to keep state properly through NAT. Eventually I gave up and turned to ipf/ipnat and have been happy with it ever since.

I thought I read somewhere that ipfw/natd is the more "native" of the two systems and has been a part of FreeBSD for a longer time, but someone more experienced with the OS than myself can probably shed more light on this.
Also, I think ipfw has better application for traffic shaping, if that's a feature you want/need. Some claim you can successfully mix the two simultaneously but I'm not familiar (or brave) enough to try :)

VS

------------------------------

Message: 9
Date: Thu, 1 May 2003 10:46:22 -0400
From: Guy Middleton
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?
To: freebsd-security@freebsd.org
Message-ID: <20030501104614.A29056@chaos.obstruction.com>
Content-Type: text/plain; charset=us-ascii

Thanks to everybody for the suggestions, I'll try them this weekend.

The discussion brings up a question:

Until now (and as recommended in the Handbook), I have been using ipfw and natd. Everybody here who has IPSec client passthrough working seems to use ipf/ipnat. Is ipf/ipnat more flexible? And why is there more than one firewalling scheme in FreeBSD?

------------------------------

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security

End of freebsd-security Digest, Vol 6, Issue 3