does NATd _prevent_ use of stateful ipfw rules w/ keep-state?
OpenMacNews
freebsd-ipfw.20.openmacews at spamgourmet.com
Wed Jun 2 15:47:24 PDT 2004
> just about every sentence above is false.
>
> nothing prevents you from using stateful ipfw rules with natd,
> _but_ you must understand very well the packet's flow and how
> addresses are transformed or you won't get what you want.
>
> personally i see almost always only disadvantages (basically, it is much
> easier to screw up your configuration) in using both because nat is
> already stateful
well, since I'm "not getting what I want" because I'm probably "screw(ing) up my configuration", I suppose this is good news ;-)
thanks for the clarification!
now, back to slogging through my config problems ...
richard
More information about the freebsd-ipfw
mailing list