Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 31 Jan 2003 23:17:10 +0000
From:      ian j hart <ianjhart@ntlworld.com>
To:        Claus Guttesen <cguttesen@yahoo.dk>, "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc:        stable@FreeBSD.ORG
Subject:   Re: IPF & IPFW
Message-ID:  <200301312317.10130.ianjhart@ntlworld.com>
In-Reply-To: <20030131222558.61732.qmail@web14105.mail.yahoo.com>
References:  <20030131222558.61732.qmail@web14105.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Friday 31 January 2003 10:25 pm, Claus Guttesen wrote:
> Hi.
>
> > Guttesen wrote:
> > > You may wish to read
>
> http://home.earthlink.net/~jaymzh666/ipf/IPFfreebsd.html#14.
>
> > > This explains in what order ipf and ipfw is
> >
> > loaded.
> >
> > > If you want to let ipfw to process the ip-packet
> > > first, you can remove ipfilter from the kernel and
> > > load it as a module instead. This should solve
> >
> > your
> >
> > > problem.
> >
> > Nuh-uh. The hooks for ipf(8) and ipfw(8) always are
> > in the same place
> > in ip_input.c and ip_output.c. The order of loading
> > modules has no
> > impact.
> >
> > To the original poster, there is nothing you can do
> > short of hacking
> > ip_input.c and ip_output.c to fit your designs. But
> > you are perfectly
> > free to do it if you'd like. (Ain't open source and
> > BSD licenses
> > great?)
> > --
>
> Thank you for the info. I guess it's OK that I forward
> this info to the maintainer of the above mentioned
> FAQ.
>
> regards
> Claus
>
>
> Har du problemer med din hjemmecomputer? F=E5 hj=E6lp med Yahoo!s PC-supp=
ort p=E5
> http://dk.shopping.yahoo.com/pcsupport/index.html

OTOH if you only need ipnat and not ipfilter you can do this...

Don't compile in ipf. Turn on ipnat in rc.conf it will run after all the ip=
fw rules.

I use this to "fix-up" packet source addreses.

e.g. (warning from memory)
map rl0 from <my-ip>/32 to any port 25 -> <alias-ip>/32

So outgoing email traffic appears to come from the alias IP.
[Don't ask, you don't want to know].

=2D-=20
ian j hart

Quoth the raven, bite me!
	Salem Saberhagen (Episode LXXXI: The Phantom Menace)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301312317.10130.ianjhart>