From owner-freebsd-questions  Mon May 13 22:58:23 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from pen.homeip.net (72-17-237-24-cable.juneau.ak.net [24.237.17.72])
	by hub.freebsd.org (Postfix) with ESMTP id E120437B405
	for <questions@FreeBSD.ORG>; Mon, 13 May 2002 22:58:19 -0700 (PDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by pen.homeip.net (8.11.6/8.11.6/SuSE Linux 0.5) id g4E5wDE24083
	for questions@FreeBSD.ORG; Mon, 13 May 2002 21:58:13 -0800
Message-Id: <200205140558.g4E5wDE24083@pen.homeip.net>
Content-Type: text/plain;
  charset="iso-8859-1"
From: John Andersen <jsa@pen.homeip.net>
Reply-To: jsa@pen.homeip.net
To: questions@FreeBSD.ORG
Subject: Re: IPFW with NATD question...
Date: Mon, 13 May 2002 21:58:12 -0800
X-Mailer: KMail [version 1.3.2]
References: <Pine.BSF.4.21.0205131102090.50364-100000@cody.jharris.com>
In-Reply-To: <Pine.BSF.4.21.0205131102090.50364-100000@cody.jharris.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Monday 13 May 2002 08:14 am, Nick Rogness wrote:
> On Mon, 13 May 2002, Max Clements wrote:
> > I have IPFW running as my firwall to the 'net with natd for the
> > translation.
> >
> > Problem is using natd with the divert socket to divert all traffic to
> > natd, you end up with a situation where you cannot use stateful rules (at
> > least I can't figure a way out) as an example:
>
> 	This assumption is correct for the most part.  There are ways to
> 	get around it but your state table grows x2 the size it should
> 	(keep a state table before and after translation).
>
>

Oh for pete sake!  You want to know how many days I've been
tearing my hair out trying to resolve exactly this problem!!!

Glad I ran into this post.

Shorewall under linux was SO easy, i figured FreeBSD would
be similar.
-- 
_________________________________________________
No I Don't Yahoo!
And I'm getting pretty sick of being asked if I do.
_________________________________________________
John Andersen / Juneau Alaska

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message