how to configure a FreeBSD firewall to pass IPSec?
V. M. Smith
vmsmith at grokking.org
Thu May 1 12:32:56 PDT 2003
Guy:
FWIW, I tried ipfw/natd a few weeks ago but couldn't seem to get it to keep state properly through NAT. Eventually I gave up and turned to ipf/ipnat and have been happy with it ever since.
I thought I read somewhere that ipfw/natd is the more "native" of the two systems and been a part of FreeBSD for a longer time but someone more experienced with the OS than myself can probably shed more light on this. Also, I think ipfw has better application for traffic shaping, if that's a feature you want/need. Some claim you can successfully mix the two simultaneously but I'm not familiar (or brave) enough to try :)
VS
------------------------------
Message: 9
Date: Thu, 1 May 2003 10:46:22 -0400
From: Guy Middleton <guy at obstruction.com>
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?
To: freebsd-security at freebsd.org
Message-ID: <20030501104614.A29056 at chaos.obstruction.com>
Content-Type: text/plain; charset=us-ascii
Thanks to everybody for the suggestions, I'll try them this weekend.
The discussion brings up a question:
Until now (and as recommended in the Handbook), I have been using ifpw
and natd. Everybody here who has IPSec client passthrough working seems
to use ifw/ipnat. Is ipf/ipnat more flexible? And why is there more than
one firewalling scheme in FreeBSD?
------------------------------
_______________________________________________
freebsd-security at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
End of freebsd-security Digest, Vol 6, Issue 3
**********************************************
More information about the freebsd-security
mailing list