Re: IPPORTFW vs MFW
On 6 Apr 2001, at 18:15, Robert Davies wrote:
> > I'm wanting to setup port forwarding of some sort on my Debian firewall
> box.
> > Looking at the IP_masquerade HOWTO it talks about IPPORTFW and MFW. Which
> of
> > these is better (?) to use? The HOWTO has a bit of info on IPPORTFW but
> none on
> > MFW - is there any examples/howto's of MFW around?
>
> As I didn't see any reply to this, here goes...
>
> I've used the MFW rules to pass through HTTP, POP and IMAP through a
> firewall. I used it simply because it was 'recommended to use the new MFW
> feature' in the ipchains and ipmasqadm documentation I read. I would have
> liked to have had some reasons given, but never saw any, one could speculate
> on it being more efficient or secure, but I have no idea.
>
> The MFW works on the initial connection, and marks the stream labelled with
> an arbitary integer, I used the underlying well known port number to avoid
> confusion. Then you set up the masquerading rules for that port.
>
> Once I'd found the right documentaion and the ipmasqadm HOWTO and examples,
> I didn't have any problem with it all. As such I've forgotten the exact
> details, but if you need it, ask me for a section of the shell script I
> posted early this year, and I'll dig it out for you.
Thanks Rod for the info. I re-compiled my kernel with mfw support and all seems
to be working well using mfw - dont know why I couldnt get portfw working but
that is not an issue now!
Lex
-------======------======------======------======-------
Lex McPhail
Systems Analyst/Programmer
Systems Software & Instrumentation Ltd
Christchurch
New Zealand
email: lex@ssiltd.co.nz
Reply to: