The possible issue is is that once NAT changes the IP address and possibly the port number, state tracking can no longer be applied. AKA, the packet headers before the NAT is different than the packet headers after. This is why NAT needs to track the state instead of ipfw. _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
- Re: [RFC][patch] Two new actions: state-allow and state-de... Ian Smith
- Re: [RFC][patch] Two new actions: state-allow and sta... Lev Serebryakov
- Re: [RFC][patch] Two new actions: state-allow and... Ian Smith
- Re: [RFC][patch] Two new actions: state-allow and... Julian Elischer
- Re: [RFC][patch] Two new actions: state-allow... Lev Serebryakov
- Re: [RFC][patch] Two new actions: state-a... Julian Elischer
- Re: [RFC][patch] Two new actions: st... Lev Serebryakov
- Re: [RFC][patch] Two new actions: st... Ian Smith
- Re: [RFC][patch] Two new actions... Lev Serebryakov
- Re: [RFC][patch] Two new actions... Lev Serebryakov
- Re: [RFC][patch] Two new actions... Jason Lewis
- Re: [RFC][patch] Two new actions... Lev Serebryakov
