Suggestion regarding a new option for IPFW2

Sten Daniel Sørsdal sten.daniel.sorsdal at wan.no
Sat Aug 2 11:47:04 PDT 2003

Previous message: IPFW, Nat and transparent proxy ( on different machines )
Next message: kern/53624: patches for ipfw2 to support ipsec packet filtering
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> TCP resets MUST already come with the source address rewritten 
> otherwise it won't match up with the connection attempt on the
> original host.  If you look in ip_fw2.c:
> 
[snip]

Yes, but if you read my original message i was referring to icmp 
error messages as well, but thanks for clarifying/excluding the 
tcp resets.

- Sten

Previous message: IPFW, Nat and transparent proxy ( on different machines )
Next message: kern/53624: patches for ipfw2 to support ipsec packet filtering
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the freebsd-ipfw mailing list