Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 31 Jan 2003 23:17:10 +0000
From:      ian j hart <ianjhart@ntlworld.com>
To:        Claus Guttesen <cguttesen@yahoo.dk>, "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc:        stable@FreeBSD.ORG
Subject:   Re: IPF & IPFW
Message-ID:  <200301312317.10130.ianjhart@ntlworld.com>
In-Reply-To: <20030131222558.61732.qmail@web14105.mail.yahoo.com>
References:  <20030131222558.61732.qmail@web14105.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Friday 31 January 2003 10:25 pm, Claus Guttesen wrote:
> Hi.
>
> > Guttesen wrote:
> > > You may wish to read
>
> http://home.earthlink.net/~jaymzh666/ipf/IPFfreebsd.html#14.
>
> > > This explains in what order ipf and ipfw is
> >
> > loaded.
> >
> > > If you want to let ipfw to process the ip-packet
> > > first, you can remove ipfilter from the kernel and
> > > load it as a module instead. This should solve
> >
> > your
> >
> > > problem.
> >
> > Nuh-uh. The hooks for ipf(8) and ipfw(8) always are
> > in the same place
> > in ip_input.c and ip_output.c. The order of loading
> > modules has no
> > impact.
> >
> > To the original poster, there is nothing you can do
> > short of hacking
> > ip_input.c and ip_output.c to fit your designs. But
> > you are perfectly
> > free to do it if you'd like. (Ain't open source and
> > BSD licenses
> > great?)
> > --
>
> Thank you for the info. I guess it's OK that I forward
> this info to the maintainer of the above mentioned
> FAQ.
>
> regards
> Claus
>
>
> Har du problemer med din hjemmecomputer? Få hjælp med Yahoo!s PC-support på
> http://dk.shopping.yahoo.com/pcsupport/index.html

OTOH if you only need ipnat and not ipfilter you can do this...

Don't compile in ipf. Turn on ipnat in rc.conf it will run after all the ipfw rules.

I use this to "fix-up" packet source addreses.

e.g. (warning from memory)
map rl0 from <my-ip>/32 to any port 25 -> <alias-ip>/32

So outgoing email traffic appears to come from the alias IP.
[Don't ask, you don't want to know].

-- 
ian j hart

Quoth the raven, bite me!
	Salem Saberhagen (Episode LXXXI: The Phantom Menace)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301312317.10130.ianjhart>