From owner-freebsd-hackers  Fri Jul 19 10:22:41 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA09225
          for hackers-outgoing; Fri, 19 Jul 1996 10:22:41 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA09210
          for <freebsd-hackers@freebsd.org>; Fri, 19 Jul 1996 10:22:38 -0700 (PDT)
Message-Id: <199607191722.KAA09210@freefall.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA185136946; Sat, 20 Jul 1996 03:22:26 +1000
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: IP masquerading over tunel device
To: noel@harleystreet.com (Noel Burton-Krahn)
Date: Sat, 20 Jul 1996 03:22:25 +1000 (EST)
Cc: freebsd-hackers@freebsd.org
In-Reply-To: <01BB72FD.0E47CEE0@mcduck.harleystreet.com> from "Noel Burton-Krahn" at Jul 16, 96 09:56:26 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Noel Burton-Krahn, sie said:
> 
> I'm not sure what you mean by the "NAT implementation" in ipfilter.  =
> from the docs, I see that ipfilter can detect packets that would need to =
> be edited in an IP masquerading sense, but can ipfilter remove those =
> packets from the IP code in the kernel and re-insert edited packets?

"re-insert" ?

It just changes them on their way through.

However, NAT wasn't `officially' part of IP Fitler until about 2 weeks ago,
although it was present, when 3.1.0 was released (also made the transparent
proxy stuff `official').

Have another look at the web pages, in particular this one:

http://coombs.anu.edu.au/~avalon/ipfil-flow.html

which shows how the various stages interact in how packets are passed
through.

Darren