IPFW PF & IPFW: packet passing order

Hi,
I want to set up PF for round-robin NAT and ipfw for traffic shaping and filtering, but I can't find an appropriate description of a packet's trip through the firewalls in FreeBSD.
So if I specify in rc.conf:
Code:
firewall_enable="YES"
dummynet_enable="YES"
pf_enable="YES"
will it mean that a packet will go through ipfw first, and then will be forwarded to pf?
For me it matters, because I want to do filtering/shaping first of all, and then proceed to NAT.
Thanks.
 
Don't run two firewalls, the result will be extremely unpredictable. Use one or the other, not both.
 
Don't run two firewalls, the result will be extremely unpredictable. Use one or the other, not both.
I'm using IPFW kernel NAT right now, but I want to move to PF because it has a round-robin feature. And I have a lot of users in small subnets (/28) which I need to NAT into 20 public IP addresses. It's hard for me to maintain the current IPFW config, because I want to be sure that some of the public IP addresses aren't overloaded by the number of users.
So I think round-robin NAT in PF will be a better solution.
But on the other hand dummynet is better than ALTQ for massive shaping.
 