From owner-freebsd-isp Fri Feb 6 01:54:30 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA10591 for freebsd-isp-outgoing; Fri, 6 Feb 1998 01:54:30 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from relay.linkdesign.com (relay.linkdesign.com [194.42.128.250]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA10585 for ; Fri, 6 Feb 1998 01:54:25 -0800 (PST) (envelope-from michael@linkdesign.com) Received: from cyprus.vds.linkdesign.com (host51.bln.de [194.162.193.203]) by relay.linkdesign.com (8.8.8/8.8.6) with ESMTP id LAA07791; Fri, 6 Feb 1998 11:54:10 +0200 (EET) Received: from linkdesign.com (localhost [127.0.0.1]) by cyprus.vds.linkdesign.com (8.8.8/8.8.8) with ESMTP id KAA13037; Fri, 6 Feb 1998 10:51:39 +0100 (CET) (envelope-from michael@linkdesign.com) Message-Id: <199802060951.KAA13037@cyprus.vds.linkdesign.com> Date: Fri, 6 Feb 1998 10:51:34 +0100 (CET) From: Michael.Bielicki@linkdesign.com Reply-To: Michael.Bielicki@linkdesign.com Subject: Re: Natd and ipfw To: jakob@teligent.se cc: isp@FreeBSD.ORG In-Reply-To: MIME-Version: 1.0 Content-Type: MULTIPART/signed; micalg=pgp-md5; protocol="application/pgp-signature"; BOUNDARY="0-846930886-886758703=:28837" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe freebsd-isp" --0-846930886-886758703=:28837 Content-Type: TEXT/plain; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE We run for a couple of customers firewalls based among other stuff on ipfw and natd. Depeding wheere you divert the packets in the firewall rule list of ipfw natd is masquerading before or after filtering. Best is before filtering but after the filtering for the interface of the localmachine is done.=20 Regards Michael On 6 Feb, Jakob Alvermark shaped the electrons to say: > Hello. >=20 > I've got plans for setting up a firewall kind of machine. Ipfw to do > filtering, and maybe natd to masquerade the internal network. I have a fe= w > questions about this though.=20 > Does ipfw and natd work good together? Are the addresses translated befor= e > or after ipfilter?=20 >=20 > /Jakob Alvermark >=20 > ------------------------------------------------------- > Teligent AB, P.O. Box 213, S-149 23 Nyn=E4shamn, Sweden =20 > Telephone +46-(0)8 520 660 00 * Fax +46-(0)8 520 193 36=20 > Direct +46-(0)8 520 660 32 * GSM +46-(0)70 792 16 57 >=20 --=20 Michael Bielicki Buisnetco Telecom. Ltd. Link Design International= Ltd. 13 Iras Str., Office 23 65, Cliff Rd, Tr= amore Nicosia 1061, Cyprus http://www.linkdesign.com Co. Waterford, Ir= eland Voice: +357-2-362 421 Voice: +353-51-3= 86921 Fax: +357-2-362 429 We use FreeBSD Fax: +353-51-3= 90880 --0-846930886-886758703=:28837 Content-Type: APPLICATION/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.3ia Comment: Requires PGP version 2.6 or later. iQCVAwUBNNrdKcneSpf+YTVhAQGmUAP8DvaNvwPKFxkVD0XcopdJykeG/gm/nmfn mUXFo2HtOIY1YYw5QXMYNU65M6of0j2cwzqB8K8XmaUgF6rfMoWzPk7pHOSiUMYP 9T9eF4ZbBoclH32lyunSBQFK8OJIXeZcswHKdYWe8Ft8gWqZz38qCC+kYD4taqCO r5FZRZ9q8/E= =QCA3 -----END PGP MESSAGE----- --0-846930886-886758703=:28837--