[repost] ip.forwarding with pf

Giorgos Keramidas keramida at ceid.upatras.gr
Thu Mar 3 10:27:43 PST 2005


On 2005-03-03 18:13, Chris Hodgins <chodgins at cis.strath.ac.uk> wrote:
> Giorgos Keramidas wrote:
>>On 2005-03-03 10:15, Tomas Quintero <tomasq at gmail.com> wrote:
>>>On Thu, 03 Mar 2005 06:30:52 -0600, J.D. Bronson <jbronson at wixb.com> wrote:
>>>> No one replied to this and I thought it was easy for someone on
>>>> this list to help me?
>>>>
>>>> I am going to run pf and set up FBSD as a router (3 NICs).  And I
>>>> see there are some options:
>>>>
>>>> net.inet.ip.fastforwarding
>>>> or
>>>> net.inet.ip.forwarding
>>>>
>>>> Can someone tell me which is appropriate when FreeBSD 5.4-PRE is
>>>> used as a router running pf with built-in NAT?
>>
>> As far as the original question, regarding PF and forwarding, the
>> answer is AFAIK, that it should work.  I haven't used PF's network
>> address translation until now, but I don't see why it wouldn't work.
>>
>> Packet forwarding is, unless I'm mistaken, a prerequisite for any
>> gateway.  The fact that the gateway also translates addresses is not
>> obligatory but just a characteristic of the local network topology
>> (i.e. availability of public addresses).
>
> Hmm I found this:
> http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html
>
> Google for "freebsd net.inet.ip.fastforwarding".

The source is always a better source of documentation :)

If you look at /usr/src/sys/netinet/ip_fastfwd.c, the comments near the
top say the following:

 *
 * Firewalling is fully supported including divert, ipfw fwd and ipfilter
 * ipnat and address rewrite.
 *

Reading the body of the ip_fastforward() function is also very helpful.
It contains both hooks for ALTQ and PFIL processing of the incoming
packets, so the answer to the original question is that "yes, address
rewriting and bandwidth shaping work with fast forwarding too".

- Giorgos


