Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 16 Jan 1997 14:11:10 +0200 (EET)
From:      Andrew Stesin <stesin@gu.net>
To:        Julian Elischer <julian@whistle.com>
Cc:        Brian Somers <brian@awfulhak.demon.co.uk>, freebsd-hackers@freebsd.org
Subject:   Re: FreeBSD as an ISDN Router
Message-ID:  <Pine.BSF.3.95.970116135339.3924L-100000@trifork.gu.net>
In-Reply-To: <32DE0601.794BDF32@whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Thu, 16 Jan 1997, Julian Elischer wrote:

> I still like the possibilty of the 'goto ' in our code using the
> line numbers and I don't see the 'not' operation phk just added.

	No opinions.

> We'd still like to see a 'divert' option..
> it just has too many uses

	I didn't got myself used to it yet, sorry... So
	no opinions as well.  (How can I discuss things
	I don't know about? :)

> but most of THAT code is independent of ipfw and ipfilter could 
> add it with almost no work.. 

	Seems to be true.

> Poul and others..
> The linux code has diverged almost completely away,

	BTW. Recent ipfwadm for Linux releases DO HAVE certain
	advantages even comparing to IPfilter, I'm speaking
	about NAT-style functionality.

	NAT in IPfilter, yes it do work, after some critical bugs
	were fixed recently; but it needs some effort to get
	brought into 2.2 branch, though Darren said that he's
	going to do this -- but not yet.

	ipfwadm, on the other hand, a) works flawlessly on Linux
	b) it is able to do a pretty smart things, i.e.
	selective NAT based on destination address (or range)
	as well.  And this _is_ cool! ;)

> I'm wondering which way give us more 'bang for our buck'?
[...]
> the transparent proxy support is really important.

	I think that this _is_ the answer.

> pitty 
> I feel like I'm betraying some long term trusted friend :)

	As for me, back in the days when I started doing those
	things like IP filtering and NAT, FreeBSD's ipfw
	had critical bugs and didn't have requested functionality.
	So I never enabled it in my kernels, using different
	versions of IPfilter instead.

Offtopic P.S.
     As about NAT -- cisco's implementation from IOS 11.2
     will become a de-facto standard soon, I think; if not yet.
     There were even rumours that a new Gated will change
     a style&syntax of config file to those of cisco's EXEC...
     Something one can think about?

     
Best regards,
Andrew Stesin

nic-hdl: ST73-RIPE

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970116135339.3924L-100000>