From: "Brian E. Conklin"
To: "Mark Cullen"
Cc: freebsd-questions@freebsd.org
Subject: RE: Converting from IPFW to IPFILTER
Date: Mon, 10 Oct 2005 08:18:19 -0700

> -----Original Message-----
> From: Mark Cullen [mailto:mark.r.cullen@gmail.com]
> Sent: Friday, October 07, 2005 2:59 AM
> To: Charles Swiger
> Cc: Brian E. Conklin; freebsd-questions@freebsd.org
> Subject: Re: Converting from IPFW to IPFILTER
>
> Charles Swiger wrote:
> > On Oct 6, 2005, at 5:44 PM, Brian E. Conklin wrote:
> >
> >> I am getting ready to switch a FreeBSD 4.11 machine from IPFW to
> >> IPFILTER for better FTP and NAT support.
> >
> > Hmm. Is there something natd doesn't handle for your case...?
> >
> >> I currently have IPFW compiled into the kernel.
> >> Do I need to recompile a kernel without IPFW before I can enable
> >> IPF?
> >> Can I just set IPFW to allow everything by default?
> >> Thanks in advance for your advice.
> >
>
> You can have IPFW and IPF active at the same time, yes.
>

So I am assuming because IPFW is built into the kernel with a "default to deny" option, I will need an IPFW rule allowing everything? Or, can I change my rc.conf to have IPFIREWALL_ENABLE="NO"?

> >
> > If you're going to switch to using IPF, you might want to consider
> > upgrading or reinstalling the OS to 5.4 instead of 4.11.
> >
>
> Are there any particular reasons why you suggest switching from 4.11 to
> 5.4 if going from IPFW to IPF? Because I have just converted from IPFW2
> to IPF on 4.11-STABLE...
>
> I did notice that IPF appears to be a rather old version. 3.something,
> where the latest version of IPF is 4.something. Is this the reason?
>

======================================================================
Mason General Hospital
901 Mt. View Drive
PO Box 1668
Shelton, WA 98584
http://www.masongeneral.com
(360) 426-1611
======================================================================