From owner-freebsd-hackers  Thu Jan 16 02:51:15 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id CAA15462
          for hackers-outgoing; Thu, 16 Jan 1997 02:51:15 -0800 (PST)
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id CAA15457
          for <freebsd-hackers@freebsd.org>; Thu, 16 Jan 1997 02:51:12 -0800 (PST)
Received: from current1.whistle.com (current1.whistle.com [207.76.205.22])
          by alpo.whistle.com (8.8.4/8.8.4) with SMTP
	  id CAA09014; Thu, 16 Jan 1997 02:43:39 -0800 (PST)
Message-ID: <32DE0601.794BDF32@whistle.com>
Date: Thu, 16 Jan 1997 02:42:09 -0800
From: Julian Elischer <julian@whistle.com>
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386)
MIME-Version: 1.0
To: Andrew Stesin <stesin@gu.net>
CC: Brian Somers <brian@awfulhak.demon.co.uk>, freebsd-hackers@freebsd.org
Subject: Re: FreeBSD as an ISDN Router
References: <Pine.BSF.3.95.970116103950.3924F-100000@trifork.gu.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Andrew Stesin wrote:
> 
> Dear Brian,
> 
> On Thu, 16 Jan 1997, Brian Somers wrote:
> 
> > The alias stuff converts *every* port number for a given interface, making
> > what appears to be going on and what's actually going on into two completely
> > different things.
> 
>         Would you mind explaining me please, how the stuff discussed
>         here differs from what IPfilter (with NAT "range-to-range"
>         functionality) (see http://coombs.anu.edu.au/~avalon
>         for details) does?
> 
>         thanks!
> 
>
At one stage we needed things here that we could do with IPfw and not 
ipfilter... some of them have gone away..

I still like the possibilty of the 'goto ' in our code using the
line numbers and I don't see the 'not' operation phk just added.

We'd still like to see a 'divert' option..
it just has too many uses

but most of THAT code is independent of ipfw an dipfilter could 
add it with almost no work.. 

Poul and others..
The linux code has diverged almost completely away,
the BSDI code doesn't match ours much any more.
I'm wondering which way give us more 'bang for our buck'?

both do the  job. but netBSD and Open BSD have integrated
ipfilter.. we might look at doing the same..
the transparent proxy support is really important.

pitty 
I feel like I'm betraying some long term trusted friend :)