on 6/9/04 9:21 am, Mipam at [EMAIL PROTECTED] wrote:

> Hmm I see, so for outbound traffic over $ext_if
> 1) nat
> 2) filtering
> 
> And for inbound traffic first filtering and then nat.
> For ipf it's the other way around, okay, it clears things up, thank you.

No, it's always NAT then filtering. However, NAT creates an implicit state,
so inbound traffic is always allowed back in through $ext_if.

> Okay, but in the first rule I cannot use a.b.c/24, because natting will
> happen after filtering inbound right?

Oh, if you're trying to let outside people into your NATted network (e.g.
you have a web server behind your firewall), then you'll need to use port
forwarding or a rdr. Or have I misunderstood?

Oliver.

-- 
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444

E-mails received are assumed to be for my attention, to do with as I wish.
No responsibility is accepted if communications are sent to me in error.
This disclaimer has as much legal status as yours.
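
An added example, not part of the message above or of the original thread: a pf.conf fragment for the web-server-behind-NAT case, showing that the filter rules on $ext_if match the packet after translation. The interface names, addresses and macro names are assumptions, and it is written in the separate nat/rdr rule syntax (an assumption about the pf version in use).

```conf
# Constructed example values; adjust to the real network.
ext_if  = "fxp0"             # external interface (assumed name)
int_net = "192.168.1.0/24"   # NATted internal network (assumed)
web_srv = "192.168.1.10"     # web server behind the firewall (assumed)

# Translation rules are evaluated before the filter rules below.
# Outbound: rewrite internal source addresses to the address of $ext_if.
nat on $ext_if from $int_net to any -> ($ext_if)

# Inbound: forward port 80 arriving at the external address to the server.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_srv port 80

# Filter rules: default deny on the external interface.
block in log on $ext_if all

# The rdr has already rewritten the destination when this rule is
# evaluated, so it matches the internal address of the server,
# not the external address the client connected to.
pass in on $ext_if proto tcp from any to $web_srv port 80 \
    flags S/SA keep state

# The nat has already rewritten the source when this rule is evaluated,
# so outbound traffic is matched on the external address, not $int_net.
pass out on $ext_if from ($ext_if) to any keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -ss` lists the resulting state entries once traffic flows.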


