On Fri, 3 Jan 2003, randall ehren wrote:

> not to stray too far, but if IPFW is set to allow all incoming packets and is
> only used for shaping, and you have ipfilter handling nat, then it seems it
> would just be:
>  network card --> IPFW (traffic shape) --> IPF (filter+nat) --> userland
>  i guess an internally NAT address would go back out as:
>   IPF --> IPFW --> network card

We actually found it goes:

Internal Net -> NIC -> IPF+NAT -> IPFW -> World
World -> IPF+NAT -> IPFW -> NIC -> Internal net

After seeing this, I didn't even bother to see what the internal side of
the router processed as. I'm sure it would have given me a headache trying
to set up the runs.

Suffice to say, IPF+NAT always sees the packets first (at least on the
outer side of the router).
