Re: Revisiting: ipfilter/ipnat problems on -current

To: Paul Goyette <paul%whooppee.com@localhost>
Subject: Re: Revisiting: ipfilter/ipnat problems on -current
From: Patrick Welche <prlw1%cam.ac.uk@localhost>
Date: Sun, 7 Sep 2008 16:33:58 +0100

On Sun, Sep 07, 2008 at 08:29:04AM -0700, Paul Goyette wrote:
>>> The obvious solution might be "turn off
>>> ipfilter/ipnat" but I need ipnat - I don't have enough fixed IP
>>> addresses for everything - and I'm not willing to go out and buy a
>>> stand-alone device.  :)
>>
>> try pf instead?
>
> Got any example of how to make ipnat work with pf?  I thought that the  
> two (ipnat and ipfilter) were intimately tied together?

Rather than ipf.conf and ipnat.conf for ipf, you pop both the filtering
rules and the translation rules into pf.conf,
e.g., /usr/share/examples/pf/faq-example1 has some nat and rdr rules.
(Really, just look at pf.conf(5))

Cheers,

Patrick

Follow-Ups:
- Re: Revisiting: ipfilter/ipnat problems on -current
  - From: Paul Goyette

References:
- Revisiting: ipfilter/ipnat problems on -current
  - From: Paul Goyette
- Re: Revisiting: ipfilter/ipnat problems on -current
  - From: Paul Goyette

Prev by Date: Re: Revisiting: ipfilter/ipnat problems on -current
Next by Date: [PATCH] Add PCI-IDs for ASUS-F5SL and some SiS chips
Previous by Thread: Re: Revisiting: ipfilter/ipnat problems on -current
Next by Thread: Re: Revisiting: ipfilter/ipnat problems on -current
Indexes:

Home | Main Index | Thread Index | Old Index