Date: Wed, 13 Dec 2000 22:29:55 -0800 (PST) From: "Jason C. Wells" <jcwells@nwlink.com> To: freebsd-questions@freebsd.org Subject: Clarification on IPFW + NAT Message-ID: <Pine.SOL.3.96.1001213222439.3092A-100000@utah>
next in thread | raw e-mail | index | archive | help
I have my firewall working. I am having trouble setting up parts of it
for things like UDP based games. I know the how the games connect by
viewing tcpdump output. Even with this info I am thwarted. I gather that
I have a conceptual error somewhere that keeps me from figuring this out.
From the man pages I know that a packet running through a gateway is
passed through IPFW twice, presumably once for each interface. I also
know that packets that are diverted re-enter at the next rule number.
Would someone please tell me if this flow chart of IPFW, NATD and
net.inet.ip.forwarding is correct?
The one question I have is when does the interface to which the packet
"belongs" change? My best guess is shown below.
Packet Passing from
Internal to External
OIF= outside interface
IIF= inside interface
The internal network
|
|
IIF
|
|
IPFW Rules ---> Drop
|
|
Pass
|
|
Forward To OIF? ---> NO ---> IIF ---> The internal network
|
|
YES
|
|
IPFW Rules ---> Drop
|
|
Match divert rule at rule # N ---> NATD Mangles Packet
|
|
----------------------------------|
|
Re-enter IPFW at rule # N+1
|
|
OIF
|
|
The external network
Thank you,
Jason C. Wells
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.3.96.1001213222439.3092A-100000>