IPFW2 in -stable and updating via source upgrade
Roman Neuhauser
neuhauser at bellavista.cz
Wed Jul 24 21:16:33 CEST 2002
> Date: Wed, 24 Jul 2002 18:35:39 +0200 (CEST)
> From: Martin Horcicka <horcicka at freebsd.cz>
> To: users-l at freebsd.cz
> Subject: Re: IPFW2 in -stable and updating via source upgrade
>
> Hi,
>
> Roman Neuhauser (2002-07-24 17:44 +0200):
>
> > Greetings. What puts me off ipfw quite a bit is its allegedly
> > weaker NAT support (see several emails... well, maybe rather rants)
> > from "Joe & Fhe Barbish" <barbish at a1poweruser.com> on
> > freebsd-questions at .
> >
> > I'm planning to install a firewall, and I'm considering a
> > combination of ipfw/dummynet for traffic shaping and ipf/ipnat for
> > firewalling/NAT.
> >
> > Two questions: 1) what does ipfw's cooperation with natd actually
> > look like in practice, and 2) does anyone have experience with the
> > combination I described?
>
> I admit that I don't know ipf very well, and I also haven't read the
> posts of the above-mentioned Joe, but I can say that I know of
> ipfw+natd being used on several routers; I use it myself, e.g. on one
> router where I translate addresses on three interfaces, and I haven't
> noticed any problems. Does anyone have different experience? Can ipf
> perhaps do something extra in the area of address translation?
An email in which C. J. Clark says that advanced stateful rules
basically can't be made to work with natd(8):
http://marc.theaimsgroup.com/?l=freebsd-questions&m=101397069005031&w=2

Or rather, he only says there "do not work well together", but from
the whole thread it follows that these two things don't go together
at all.

The thread starts here:
http://marc.theaimsgroup.com/?l=freebsd-isp&m=101381594903897&w=2

http://www.freebsd-howto.com/HOWTO/Ipfw-Advanced-Supplement-HOWTO:
I wrote emails to the IPFW authors, gave them 2 documented examples
of rules sets using exclusively advanced stateful rules and user ppp
dial up ISP, the only difference was one used user ppp -nat and did
not have the divert natd rule and worked while the other one had the
divert natd rule and no user ppp -nat and did not work. After much
conflicting correspondences the results were that they were not
going to do anything about it and I was left on my own.
--
Roman
The old man went / after the pigs / the plump ones / RATATATA!