Date: Fri, 31 Jan 2003 00:43:10 +0000
From: AMAKAWA Shuhei <sa264@cam.ac.uk>
To: <barbish@a1poweruser.com>
Cc: "Willie Viljoen" <will@unfoldings.net>, <freebsd-ipfw@freebsd.org>
Subject: Re: Error in ipfw manpage for stateful rules?
Message-ID: <E18ePGw-0000fq-00@m218-3.phy.cam.ac.uk>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGCENODEAA.barbish@a1poweruser.com>
References: <200301301630.19610.will@unfoldings.net> <MIEPLLIBMLEEABPDBIEGCENODEAA.barbish@a1poweruser.com>

At Thu, 30 Jan 2003 11:18:40 -0500,
JoeB wrote:
>
> Well I think you make my point for me very well by pointing out that
> net.inet.ip.fw.one_pass=0 and the NATD option -d are necessary
> to get it to function correctly.

No. It is possible to do stateful ipfw+natd without
net.inet.ip.fw.one_pass=0 and natd -d, although it's not so obvious.
Some hint is in the message which I posted several days ago.
The fact that you don't know how doesn't mean it's impossible.

> And I must again point out that nowhere
> are these additional keep-state requirements documented.

Yes, but that's a separate issue.

> This is the part that is missing from the documentation when talking
> about IPFW / NATD with keep-state rules.
> Where in the IPFW documentation is this stated, and shouldn't there
> be an example of this method included in FBSD?

Absolutely. It will be nicer if there is more tutorial stuff that
goes over such subtleties.

> And I must still point out that my statement is still true.
> That keep-state rules do not function correctly in IPFW/NATD.

not true