--On Wednesday, November 27, 2002 8:48 PM -0500 "C. Dummy" <[EMAIL PROTECTED]> wrote:
It is dangerous to try to map these different notions, but:I'm trying to move from Dachstein to Bering but I have to rewrite few rules. Is autofw and portfw from Dachstein , DNAT in Shorewall or there is a difference? Andrey
DNAT is roughly the equivalent of portfw plus a bunch of accept rules; iptables is stateful and has a very simple model for its rules while ipchains presents an absurd gauntlet of rules that each packet has to pass through, not to mention another series that treplies must negotiate.
In other words, a single Shorewall DNAT rule performs portforwarding and passes the traffic to/from the server -- in ipchains, you had to have a portfw rule PLUS a set of ipchains rules to move the packets through your firewall.
There is no direct analog of autofw in Bering.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: teastep \ http://shorewall.sf.net
ICQ: #60745924 \ [EMAIL PROTECTED]
-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
