Packet flow through IPFW+IPF+IPNAT ?
Vandyuk Eugene
duke at irpen.kiev.ua
Mon Jun 2 08:19:33 PDT 2003
On Mon, Jun 02, 2003 at 10:43:07AM -0400, Matthew George wrote:
> On Sat, 31 May 2003, Vandyuk Eugene wrote:
>
> > What's the path?
> > incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
> > outgoing: IPFW Layer2 -> IPFW&Dummynet -> IPFilter -> IPNAT ?
> > Is this correct? Or does IPNAT run on the incoming packets before IPFW L3:
> > incoming: IPFW Layer2 -> IPNAT -> IPFW&Dummynet -> IPFilter ?
> > I think this path is preferable, because IPFW always uses
> > non-masqueraded IP headers.
> >
>
> I have ipfw compiled in and run ipfilter as a kld
>
> the way it works is ipfw -> ipnat -> ipfilter
>
> ipnat and all state matching for ipfilter is performed prior to ruleset
> processing
>
But this is the way only for incoming packets. And what's the way for outgoing?
IPFW -> IPFilter -> IPNAT OR IPFilter -> IPNAT -> IPFW ???