Re: IPPORTFW vs MFW

To: <lex@ssiltd.co.nz>, <debian-firewall@lists.debian.org>
Subject: Re: IPPORTFW vs MFW
From: "Robert Davies" <Rob_Davies@NTLWorld.Com>
Date: Fri, 6 Apr 2001 18:15:33 +0100
Message-id: <000301c0bedc$38637aa0$e43b68d5@oak>
References: <3ACB4DE3.27001.9679570@localhost>

> I'm wanting to setup port forwarding of some sort on my Debian firewall
box.
> Looking at the IP_masquerade HOWTO it talks about IPPORTFW and MFW.  Which
of
> these is better (?) to use? The HOWTO has a bit of info on IPPORTFW but
none on
> MFW - is there any examples/howto's of MFW around?

As I didn't see any reply to this, here goes...

I've used the MFW rules to pass through HTTP, POP and IMAP through a
firewall.  I used it simply because it was 'recommended to use the new MFW
feature' in the ipchains and ipmasqadm documentation I read.  I would have
liked to have had some reasons given, but never saw any, one could speculate
on it being more efficient or secure, but I have no idea.

The MFW works on the initial connection, and marks the stream labelled with
an arbitary integer, I used the underlying well known port number to avoid
confusion.  Then you set up the masquerading rules for that port.

Once I'd found the right documentaion and the ipmasqadm HOWTO and examples,
I didn't have any problem with it all.  As such I've forgotten the exact
details, but if you need it, ask me for a section of the shell script I
posted early this year, and I'll dig it out for you.

Regards Rob

Reply to:

Follow-Ups:
- Re: IPPORTFW vs MFW
  - From: "Lex McPhail" <lex@ssiltd.co.nz>

References:
- IPPORTFW vs MFW
  - From: "Lex McPhail" <lex@ssiltd.co.nz>

Prev by Date: Unidentified subject!
Next by Date: Re: FTP Server behind firewall.
Previous by thread: IPPORTFW vs MFW
Next by thread: Re: IPPORTFW vs MFW
Index(es):
- Date
- Thread