Date: Wed, 21 Oct 1998 08:48:45 +1300 From: "Dan Langille" <junkmale@xtra.co.nz> To: Dan Busarow <dan@dpcsys.com>, Matt Prigge <prigge@bucknell.edu>, FreeBSD Questions List <freebsd-questions@FreeBSD.ORG> Cc: Matt Prigge <prigge@bucknell.edu>, FreeBSD Questions List <freebsd-questions@FreeBSD.ORG> Subject: Re: More IPFW/natd trouble, but I'm close! Message-ID: <199810201948.IAA17502@cyclops.xtra.co.nz> In-Reply-To: <Pine.BSF.3.96.981020100014.3227H-100000@java.dpcsys.com> References: <199810200934.WAA15675@witch.xtra.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20 Oct 98, at 10:03, Dan Busarow wrote: > On Tue, 20 Oct 1998, Dan Langille wrote: > > If I read this correctly, we have two conflicting views. One says do > > the divert early. The other says do the divert late. > > Not sure where you are seeing a divert late view. From the natd > man page (and Matt's post) > > /sbin/ipfw -f flush > /sbin/ipfw add divert natd all from any to any via ed0 > /sbin/ipfw add pass all from any to any > The second line depends on your interface (change ed0 as appropri- > ate) and assumes that you've updated /etc/services with the natd en- try > as above. If you specify real firewall rules, it's best to > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > specify line 2 at the start of the script so that natd sees all > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > packets before they are dropped by the firewall. The firewall rules > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ will be run again on > each packet after translation by natd, minus any divert rules. Yes, thanks. I was sure I saw some suggesting the alternative. And I saw the same recommendation within The Complete FreeBSD. Cheers. -- Dan Langille DVL Software Limited The FreeBSD Diary - my [mis]adventures http://www.FreeBSDDiary.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810201948.IAA17502>