On 3/17/12 1:36 AM, Da Rock wrote:
On 03/14/12 17:09, Rémy Sanchez wrote:
On Saturday 10 March 2012 00:39:24 Da Rock wrote:
I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
believe) was using 4.3. I'm now attempting to use IPFW for some tests
(and hopefully move to production), and I'm trying to determine how I
would setup binat using IPFW; or even if its possible at all.
I've been hunting some more in depth documentation, but it appears
to be
scarce/not definitive. I suspect using the modes in libalias such as
"use same ports" and "reverse" might be able to do what I'm
looking for?
Any clarity much appreciated.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to
"freebsd-ipfw-unsubscr...@freebsd.org"
Well, what do you want to do with your firewall ?
Because ipfw is kick-ass for QoS management, and is fairly simple
to use in
other tasks, but if you want to do some complex NAT, it's going to
be a pain
in comparison to what pf offers.
Just make sure of what your main requirement is :)
My 2 cents,
Bluntly put, but very accurate :)
I want it to do something pf cant - port forward ipsec packets for
Android L2TP/IPSec. Apparently (according to pfsense experts) it is
impossible until Android 3.0 or 4.0. My next port of call will be
ipfilter, and thats a known working solution but I want to use more
robust native tools.
you need to really explain what you want here.. do you want the IP
packets to still have the original ports/addesses in them or do you
want to have the packets untouched, but redirected?
a picture helps too.
As for being a pita - I don't know. It doesn't seem any harder to
me, could even be easier; seems to be a psychological thing. I'll
get back to you (the list) when I have achieved an outcome and let
you know. So far I haven't had to compile a new kernel, so thats a
definite plus... that could change though. More info in the next
episode ;) I've just finished wrestling with certificate
generation.... grr! It was easier last time, not sure what has been
the issue this time.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"