Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.idt.net!enews.sgi.com!news.corp.sgi.com!news.sgi.com!newsfeed.nacamar.de!uunet!in2.uu.net!204.147.226.2!quack!quack.kfu.com!nsayer
From: nsayer@quack.kfu.com (Nick Sayer)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IPFW, NAT and IP Masquerading
Date: 9 Apr 1997 00:01:21 GMT
Organization: The Duck Pond public unix - http://www.kfu.com/
Lines: 18
Message-ID: <5iem8h$3lp$1@phoenix.kfu.com>
References: <01bc4435$e938cae0$0c428c8c@zloty.brooks.af.mil> <334a81ef.604167869@news.us.world.net>
NNTP-Posting-Host: quack.kfu.com
X-Newsreader: NN version 6.5.1 (NOV)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:38756

michaele@mxim.com-ANTISPAM- (Michael Enkelis) writes:

>What I now need to ask is if NATD can co-exist with IPFW running
>real firewall rules, not a "pass all" mode as programmed by NATD?

Sure. Put the natd rules last. You want to do all of the pass/reject
decisions before you do the address translation.

Note that once a packet matches a divert rule, it will not be sent
to any subsequent rules. That's another reason to put those rules last.

-- 
Nick Sayer <nsayer@quack.kfu.com>   | "At least I have the artistic talent
N6QQQ @ N0ARY.#NORCAL.CA.USA.NOAM   | to put some ascii-art in my .sig"
+1 408 249 9630, log in as 'guest'  |  -- Andrew Murphy
URL: http://www.kfu.com/~nsayer/    | (new motto of alt.fan.warlord)