NAT is not bridging. IPFILTER does not work with bridging -- you will not
protect packets flowing through a bridge, only the local machine.
IPFIREWALL will filter bridged packets.

Tom Veldhouse
[EMAIL PROTECTED]

----- Original Message -----
From: "Mike Harding" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 09, 2001 9:19 AM
Subject: Re: 4.2-R, bridging and ipfilter

>
> IPFILTER works great - we use it on a T1 at work for about 20 people
> for NAT and transparent squid proxying and it never hiccups and there
> is no noticeable load on the system. IPFW defaults to a 5 minute
> timeout on sessions, ipfilter to 5 _days_ so it behaves much more like
> what people expect. I suspect that ipfilter is used for more
> 'industrial strength' uses.
>
> Also, the NAT in ipfilter is kernel based so it's quite fast.
>
> - Mike H.
>
> From: "Thomas T. Veldhouse" <[EMAIL PROTECTED]>
> Date: Fri, 9 Mar 2001 08:46:43 -0600
>
> IPFILTER is an alternative to IPFIREWALL. As far as I know, IPFILTER does
> not work on bridged packets -- so you can not firewall your LAN transparently
> using an IPFILTER bridge. IPFIREWALL does filter bridged packets. However,
> I don't believe the stateful rules processing is as robust. I was getting
> errors about too many states and such -- so I went back to IPFILTER using
> IPNAT (using bimap).
>
> Tom Veldhouse
> [EMAIL PROTECTED]
>
> ----- Original Message -----
> From: "Christopher Schulte" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, March 08, 2001 4:03 PM
> Subject: Re: 4.2-R, bridging and ipfilter
>
>
> > At 04:48 PM 3/8/2001 -0500, [EMAIL PROTECTED] wrote:
> > >Has anyone gotten bridging and ipfilter to work together with 4.2-R?
> >
> > Question: do you mean IPFIREWALL and bridging?
> >
> > If so, yes.
> >
> >
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe freebsd-stable" in the body of the message
