Date: Tue, 20 Oct 1998 22:40:50 +1300
From: "Dan Langille" <junkmale@xtra.co.nz>
To: FreeBSD Questions List <freebsd-questions@FreeBSD.ORG>
Subject: ipfw: divert natd - early or late?
Message-ID: <199810200940.WAA21150@cyclops.xtra.co.nz>

I run ipfw on my subnet. I also run natd as I have one nic for the subnet
and another for my ISP.

I've seen two conflicting recommendations lately regarding the placement of
the divert statement. In fact, rc.firewall for version 2.2.7 comes with
natd divert support built in (see below). And it places the divert very
high up.

I'd like to know more. Especially consider the fact that I'm having trouble
with the following rule when using the simple model:

    #$fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}

Direction from the gurus would be appreciated. Cheers.

extract from rc.firewall:

    ############
    # Flush out the list before we begin.
    $fwcmd -f flush

    ############
    # These rules are required for using natd.  All packets are passed to natd before
    # they encounter your remaining rules.  The firewall rules will then be run again
    # on each packet after translation by natd, minus any divert rules (see natd(8))
    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
            $fwcmd add divert natd all from any to any via ${natd_interface}
    fi

--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
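
The interaction between the divert rule and the quoted deny rule can be traced with a toy model. This is an added example, not code from the message or from rc.firewall. The addresses, rule numbers and the simplified natd behaviour (only the inbound rewrite is modelled, and evaluation continues with the rules after the divert) are assumptions made for the sketch.

```python
# Added illustration: a toy model of ipfw + natd on the outside interface.
# Addresses, rule numbers and the resume-after-divert behaviour are assumptions
# for this sketch; it is not code from rc.firewall.
from ipaddress import ip_address, ip_network

PRIVATE = ip_network("192.168.0.0/16")
PUBLIC_IP = ip_address("203.0.113.10")   # constructed outside address of the gateway
INSIDE_HOST = ip_address("192.168.0.5")  # constructed host behind natd

def natd_inbound(pkt):
    """Rewrite a packet addressed to the gateway so it targets the inside host."""
    if pkt["dst"] == PUBLIC_IP:
        return dict(pkt, dst=INSIDE_HOST)
    return pkt

def run_rules(rules, pkt):
    """Walk the rules in order. A divert hands the packet to natd, then
    evaluation continues with the following rules on the rewritten packet."""
    for number, action, match in rules:
        if not match(pkt):
            continue
        if action == "divert":
            pkt = natd_inbound(pkt)
            continue
        return action, number
    return "deny", 65535  # default deny at the end of the list

# Models: deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
to_private = lambda p: p["dst"] in PRIVATE
anything = lambda p: True

DIVERT_EARLY = [(100, "divert", anything), (200, "deny", to_private), (300, "allow", anything)]
DIVERT_LATE = [(100, "deny", to_private), (200, "divert", anything), (300, "allow", anything)]

# Constructed packets arriving on the outside interface.
reply = {"src": ip_address("198.51.100.7"), "dst": PUBLIC_IP}
spoofed = {"src": ip_address("198.51.100.7"), "dst": INSIDE_HOST}

def verdicts(rules):
    """Return (action, rule number) for both sample packets under a rule list."""
    return {"reply": run_rules(rules, reply), "spoofed": run_rules(rules, spoofed)}

if __name__ == "__main__":
    for name, rules in (("divert early", DIVERT_EARLY), ("divert late", DIVERT_LATE)):
        print(name, verdicts(rules))
```

With the divert first, the legitimate reply has already been rewritten to a 192.168.x.x destination when it reaches the deny rule, so it is dropped along with the spoofed packet. With the deny rule ahead of the divert, only the packet that arrived with a private destination is dropped.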