Date: Wed, 31 Jan 2001 10:57:10 +0800 From: Erwan Arzur <erwan@netvalue.com> To: jim@bedlam.demon.co.uk Cc: freebsd-questions@freebsd.org Subject: Re: ipfw vs ipf (again) Message-ID: <3A777F06.7BD592FA@netvalue.com> References: <tt7e7t84lbmitdtkjtuu29ff56is6582rl@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jim Hatfield wrote:
> - packet forwarding, in support of a transparent http proxy. I can't
> see an equivalent of ipfw fwd, which will change the next hop address
> but leave the packet untouched (unless it's the fastroute feature,
> though it doesn't seem intended for this).
look at the rdr feature of ipnat. I've no experience with it though.
From man 5 ipnat
rdr that is used for redirecting packets to one IP
address and port pair to another;
>
> - selective NAT'ing. I want to only NAT packets which are headed to
> the Internet. Packets for our DMZ, on the "outside" interface of the
> router, and to our other offices via a VPN gateway, shouldn't be
> NAT'ed. ipfw makes this fairly easy but it didn't look so simple with
> ipf.
>
Uh ? again, man 5 ipnat. You don't need to specify any ipf rule in order
to do that.
map <external i/f> <internal network> -> <external address>
Isn't it selective enough ?
--
Erwan Arzur
NetValue ltd.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A777F06.7BD592FA>