Message-ID: <19980820150250.A23813@pavilion.net>
Date: Thu, 20 Aug 1998 15:02:50 +0100
From: Matthew Spiers
To: questions@FreeBSD.ORG
Subject: ipfw with adress translation and ipltd

At present we are now running ipfw on a BSD box to do routing, with a divert rule to ipltd which enables us to bandwidth restrict the subnets.

We are considering using address translation as we'd like to conserve IP space. Our understanding is that we will need another divert rule to natd.

The man ipfw states 'If a packet matches more than one divert and/or tee rule, all but the last are ignored.'

Now we are concerned that this might mean only one divert is possible - or does it mean diverts to a specific port are only allowed once (loop avoidance)? Or if we natd first, will the 'altered' IP allow us to have another divert rule as it's a 'different' IP passing through the ipfw rules?

Anyone have any thoughts/information on this subject?

Regards,
Matt
Pavilion Internet plc.