Darren Reed wrote:
>
> In some email I received from Gunther Schadow, sie wrote:
> [...]
> > As an added benefit, the two network interfaces tun0 and fxp0 allow
> > me to cope with the limited power of IPFILTER's NAT rules (as compared
> > to IPFW).
>
> What is so limiting about NAT in IPFilter ?
>
> AFAIK, apart from packet matching capability, IPFilter NAT kicks ass over
> ipfw or am I wrong ?
No offense, but refer to my earlier posting about IPfilter's NAT
matching being "both too complicated and too limited". In short,
I cannot exclude a bunch of srcdst rules from being NATed. This
is a major limitation for me. Generally I agree to your positive
sentiment about IPFILTER, but sometimes the devil is in the little
detail.
regards
-Gunther
--
Gunther Schadow, M.D., Ph.D. [EMAIL PROTECTED]
Medical Information Scientist Regenstrief Institute for Health Care
Adjunct Assistent Professor Indiana University School of Medicine
tel:1(317)630-7960 http://aurora.regenstrief.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
