Date:      Tue, 04 Dec 2001 10:18:36 +0200
From:      Sheldon Hearn <sheldonh@starjuice.net>
To:        freebsd-questions@FreeBSD.org
Subject:   ipnat & ipfirewall ordering
Message-ID:  <13427.1007453916@axl.seasidesoftware.co.za>


Hi folks,

I'm migrating a firewall from natd to ipnat.

I would like to continue using ipfirewall for packet filtering at this
stage.  Baby steps.

It looks to me like the order in which things happen is:

ipfilter		(Allow all)
ipnat			(1:1 bimaps)
ipfirewall		(Actual packet filtering)

This means that I need to change all my ipfirewall rules to use the nat'd
(private) addresses of protected hosts, rather than the real (public)
addresses as I did things before.

Am I correct about the order in which things are happening?  Do I really
need to change all my ipfirewall rules, or is there a trick to having
ipfirewall processing done _before_ ipnat processing?

Ciao,
Sheldon.
