Date:      Tue, 10 Sep 2002 09:28:32 +1000
From:      "Leigh V" <leighv@roq.com>
To:        "Paulo Roberto" <nirv199@yahoo.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: simple questions about ipfw + natd rules
Message-ID:  <003401c25858$9c91ea90$2d01a8c0@michael>
References:  <20020908163958.35715.qmail@web14912.mail.yahoo.com>

If you are having problems using natd and ipfw, you can alternatively try my
IPfilter/IPnat setup script for FreeBSD. All you have to do is answer the 2
main questions, what your internal and external NIC interfaces are, and just
hit enter for the rest of the questions for a basic firewall/NAT setup.
http://roq.com/bsd/


----- Original Message -----
From: "Paulo Roberto" <nirv199@yahoo.com>
To: <freebsd-questions@FreeBSD.ORG>
Sent: Monday, September 09, 2002 2:39 AM
Subject: simple questions about ipfw + natd rules


> Hello,
>
> I am having some trouble trying to picture the ipfw+natd algorithm to
> implement my firewall rules.
>
> When I divert some packets to natd, natd then masqs them and resends
> them to the firewall rule number one, right? It does not get to the
> rule after the packet was diverted?
>
> So, in the same example, if I add a dynamic rule like "from me to any
> keep-state", this rule will apply to this packet after it was masqed,
> and when the response gets back it is accepted by a "check-state" rule,
> and then the "process owner" of this packet is *natd* and not the
> original address, right?
>
> So the same packet is delivered to natd, and then natd de-masqs it and
> _again_ puts it through the firewall rule number one (and so on...)?
>
> So, in one packet going out or in, it gets processed *two* times by all
> firewall rules (of course, first match wins...), is this correct?
>
> I am just concerned about the processing time of each packet and its
> delay time in a busy link.
>
> TIA
>
> PR

