From owner-freebsd-hackers Thu Jan 16 04:12:12 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id EAA18618 for hackers-outgoing; Thu, 16 Jan 1997 04:12:12 -0800 (PST)
Received: from whale.gu.kiev.ua (whale.gu.net [194.93.190.4]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id EAA18581 for ; Thu, 16 Jan 1997 04:11:51 -0800 (PST)
Received: from trifork.gu.net (trifork.gu.net [194.93.190.194]) by whale.gu.kiev.ua (8.7.5/8.7.3) with SMTP id OAA28194; Thu, 16 Jan 1997 14:11:03 +0200
Date: Thu, 16 Jan 1997 14:11:10 +0200 (EET)
From: Andrew Stesin
To: Julian Elischer
cc: Brian Somers, freebsd-hackers@freebsd.org
Subject: Re: FreeBSD as an ISDN Router
In-Reply-To: <32DE0601.794BDF32@whistle.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 16 Jan 1997, Julian Elischer wrote:

> I still like the possibility of the 'goto ' in our code using the
> line numbers and I don't see the 'not' operation phk just added.

No opinions.

> We'd still like to see a 'divert' option..
> it just has too many uses

I didn't get myself used to it yet, sorry... So no opinions as well.
(How can I discuss things I don't know about? :)

> but most of THAT code is independent of ipfw and ipfilter could
> add it with almost no work..

Seems to be true.

> Poul and others..
> The linux code has diverged almost completely away, BTW.

Recent ipfwadm for Linux releases DO HAVE certain advantages even
compared to IPfilter, I'm speaking about NAT-style functionality.
NAT in IPfilter, yes it does work, after some critical bugs were fixed
recently; but it needs some effort to get brought into 2.2 branch,
though Darren said that he's going to do this -- but not yet.

ipfwadm, on the other hand,

a) works flawlessly on Linux
b) it is able to do pretty smart things, i.e. selective NAT
   based on destination address (or range) as well.

And this _is_ cool! ;)

> I'm wondering which way gives us more 'bang for our buck'?
[...]
> the transparent proxy support is really important.

I think that this _is_ the answer.

> pity
> I feel like I'm betraying some long term trusted friend :)

As for me, back in the days when I started doing those things like
IP filtering and NAT, FreeBSD's ipfw had critical bugs and didn't
have requested functionality. So I never enabled it in my kernels,
using different versions of IPfilter instead.

Offtopic P.S. As for NAT -- cisco's implementation from IOS 11.2
will become a de-facto standard soon, I think; if not yet.
There were even rumours that a new Gated will change a style&syntax
of config file to those of cisco's EXEC... Something one can think about?

Best regards,
Andrew Stesin

nic-hdl: ST73-RIPE