Date: Wed, 02 Jun 2004 15:47:21 -0700 From: OpenMacNews <freebsd-ipfw.20.openmacews@spamgourmet.com> To: freebsd-ipfw <freebsd-ipfw@freebsd.org> Cc: Luigi Rizzo <rizzo@icir.org> Subject: Re: does NATd _prevent_ use of stateful ipfw rules w/ keep-state? Message-ID: <7D7540B64898043C025AFB23@[172.30.11.6]> In-Reply-To: <20040602154140.A17902@xorpc.icir.org> References: <DAC6B2F195AD44196B3A03F5@[172.30.11.6]> <20040602154140.A17902@xorpc.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> just about every sentence above is false. > > nothing prevents you from using stateful ipfw rules with natd, > _but_ you must understand very well the packet's flow and how > addresses are transformed or you won't get what you want. > > personally i see almost always only disadvantages (basically, it is much > easier to screw up your configuration) in using both because nat is > already stateful well, since I'm "not getting what I want" because I'm probably "screw(ing) up my configuration", I suppose this is good news ;-) thanks for the clarification! now, back to slogging through my config problems ... richard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7D7540B64898043C025AFB23>