Packet flow through IPFW+IPF+IPNAT ?

Vlad Galu vladg at vipnet.ro
Mon Jun 2 08:21:08 PDT 2003


On Mon, 2 Jun 2003 18:17:53 +0300
Vandyuk Eugene <duke at irpen.kiev.ua> wrote:

> On Mon, Jun 02, 2003 at 10:43:07AM -0400, Matthew George wrote:
> > On Sat, 31 May 2003, Vandyuk Eugene wrote:
> >
> > > What's the path?
> > >    incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
> > >    outgoing: IPFW Layer2 -> IPFW&Dummynet -> IPFilter -> IPNAT ?
> > > Is this correct? Or does IPNAT on incoming packets run before IPFW L3:
> > >    incoming: IPFW Layer2 -> IPNAT -> IPFW&Dummynet -> IPFilter ?
> > > I think this path is preferable, because IPFW always uses
> > > non-masqueraded IP headers.
> > >
> >
> > I have ipfw compiled in and run ipfilter as a kld
> >
> > the way it works is ipfw -> ipnat -> ipfilter
> >
> > ipnat and all state matching for ipfilter is performed prior to ruleset
> > processing
> >
> 
> But this is the way only for incoming packets. And what's the way for outgoing?
>   IPFW -> IPFilter -> IPNAT   OR   IPFilter -> IPNAT -> IPFW  ???
> 
	It's the same way as for input, only in reverse order.
