how to configure a FreeBSD firewall to pass IPSec?

V. M. Smith vmsmith at grokking.org
Thu May 1 12:32:56 PDT 2003


Guy:

FWIW, I tried ipfw/natd a few weeks ago but couldn't seem to get it to keep state properly through NAT. Eventually I gave up and turned to ipf/ipnat and have been happy with it ever since.

I thought I read somewhere that ipfw/natd is the more "native" of the two systems and has been a part of FreeBSD for a longer time, but someone more experienced with the OS than myself can probably shed more light on this. Also, I think ipfw has better application for traffic shaping, if that's a feature you want/need. Some claim you can successfully mix the two simultaneously but I'm not familiar (or brave) enough to try :)

VS

------------------------------

Message: 9
Date: Thu, 1 May 2003 10:46:22 -0400
From: Guy Middleton <guy at obstruction.com>
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?
To: freebsd-security at freebsd.org
Message-ID: <20030501104614.A29056 at chaos.obstruction.com>
Content-Type: text/plain; charset=us-ascii

Thanks to everybody for the suggestions, I'll try them this weekend.

The discussion brings up a question:

Until now (and as recommended in the Handbook), I have been using ipfw
and natd.  Everybody here who has IPSec client passthrough working seems
to use ipf/ipnat.  Is ipf/ipnat more flexible? And why is there more than
one firewalling scheme in FreeBSD?

------------------------------

End of freebsd-security Digest, Vol 6, Issue 3
**********************************************

