does NATd _prevent_ use of stateful ipfw rules w/ keep-state?

OpenMacNews freebsd-ipfw.20.openmacews at
Wed Jun 2 15:47:24 PDT 2004

> just about every sentence above is false.
> nothing prevents you from using stateful ipfw rules with natd,
> _but_ you must understand very well the packet's flow and how
> addresses are transformed or you won't get what you want.
> personally i see almost always only disadvantages (basically, it is much
> easier to screw up your configuration) in using both because nat is
> already stateful

well, since I'm "not getting what I want" because I'm probably "screw(ing) up my configuration", I suppose this is good news ;-)

thanks for the clarification!

now, back to slogging through my config problems ...


More information about the freebsd-ipfw mailing list