Date: Thu, 21 Jul 2005 22:11:28 -0300
From: AT Matik <asstec@matik.com.br>
To: freebsd-ipfw@freebsd.org
Subject: Re: error in man ipfw / divert
Message-ID: <200507212211.30185.asstec@matik.com.br>
In-Reply-To: <20050721153016.A87676@xorpc.icir.org>
References: <20050721214242.GA2201@Alex.lan> <20050721153016.A87676@xorpc.icir.org>

On Thursday 21 July 2005 19:30, Luigi Rizzo wrote:
>
> as far as ipfw is concerned, the search terminates. it is up to
> the userland app to reinject the packet, and it might well not
> do so if the packet should be processed differently.

maybe the thing is not well explained or not well read

IMO these parts of the divert manpage are relevant

"Packets are diverted either as they are ``incoming'' or ``outgoing.''
Incoming packets are diverted after reception on an IP interface, whereas
outgoing packets are diverted before next hop forwarding."

and

"The port part of the socket address passed to the sendto(2) contains a tag
that should be meaningful to the diversion module. In the case of ipfw(8)
the tag is interpreted as the rule number after which rule processing
should restart."

what means for me that either one (in|out) applies after diverting;
probably it applies to the next ipfw rule (but not based on ipfw)

so like Luigi said

> so i believe the ipfw manpage is correct.

I believe this also, even if it is not so well explained in man ipfw, but as
far as ipfw is concerned it is correct, because it does not depend on ipfw
if the package goes through it again

but anyway the BUGS part of the ipfw manpage says it all

so if you do not pay attention to natd flags and divert rule numbers and
options you may think it does not work; still worse when using more than
2 nics and transparent proxying on the same machine, then the standard
how-to-natd really does not work as you expect or does not work at all

Hans

--
Infomatik Internet Technology
http://www.matik.com.br

This message was scanned by the e-mail system and can be considered safe.
Service provided by Datacenter Matik https://datacenter.matik.com.br
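
The reinjection step that the quoted divert(4) text describes, as an added example that is not part of the original message or of FreeBSD's own code: the rule number arrives as the port of the recvfrom(2) address, and the same address handed back to sendto(2) restarts ipfw after that rule. The helper names and port 8668 (natd's default) are assumptions; the socket loop is compiled only where IPPROTO_DIVERT exists.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Rule that diverted the packet: the port of the recvfrom(2) address. */
unsigned rule_of(const struct sockaddr_in *sa) { return ntohs(sa->sin_port); }

/* divert(4): outgoing packets are reported with address INADDR_ANY. */
int is_outgoing(const struct sockaddr_in *sa) { return sa->sin_addr.s_addr == htonl(INADDR_ANY); }

/* sendto(2) address: same direction, ipfw restarts after `rule`. */
struct sockaddr_in reinject_addr(const struct sockaddr_in *from, unsigned rule) {
    struct sockaddr_in to = *from;   /* keeps sin_addr, i.e. in/out direction */
    to.sin_port = htons((unsigned short)rule);
    return to;
}

#ifdef IPPROTO_DIVERT                /* FreeBSD divert sockets only */
/* Hypothetical pass-through daemon: reads diverted packets, reinjects them. */
int divert_loop(unsigned short port) {
    unsigned char pkt[65535];
    struct sockaddr_in sa = {0};
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0) return 1;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (bind(s, (struct sockaddr *)&sa, sizeof sa) < 0) { close(s); return 1; }
    for (;;) {
        socklen_t len = sizeof sa;
        ssize_t n = recvfrom(s, pkt, sizeof pkt, 0, (struct sockaddr *)&sa, &len);
        if (n < 0) break;
        /* Skipping sendto() drops the packet: ipfw's search already ended. */
        struct sockaddr_in to = reinject_addr(&sa, rule_of(&sa));
        sendto(s, pkt, (size_t)n, 0, (struct sockaddr *)&to, sizeof to);
    }
    close(s);
    return 1;
}
#endif

int main(void) {
#ifdef IPPROTO_DIVERT
    return divert_loop(8668);        /* assumed port: natd's default */
#else
    return 0;                        /* no divert sockets on this platform */
#endif
}
```

Passing a rule number other than `rule_of(&sa)` to `reinject_addr` changes where the ruleset resumes, which is why the divert rule numbers matter when several divert rules or interfaces are involved.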