From owner-freebsd-stable Sat Jul 22 15:25:18 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from dns.comrax.com (dns.comrax.com [194.90.246.124])
	by hub.freebsd.org (Postfix) with ESMTP id 7DC0237B506
	for ; Sat, 22 Jul 2000 15:25:14 -0700 (PDT)
	(envelope-from noor@comrax.com)
Received: by dns.comrax.com (Postfix, from userid 100)
	id C671F1C997; Sun, 23 Jul 2000 01:24:48 +0300 (IDT)
Received: from localhost (localhost [127.0.0.1])
	by dns.comrax.com (Postfix) with ESMTP id BA99A16E22
	for ; Sun, 23 Jul 2000 01:24:48 +0300 (IDT)
Date: Sun, 23 Jul 2000 01:24:48 +0300 (IDT)
From:
To: freebsd-stable@FreeBSD.ORG
Subject: divert + keep-state
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all,

I have a FreeBSD box with two NICs that I use to link our internal
network to the outside network. I use ipfw+natd to do this. The
following is the divert rule:

    add divert 8668 ip from any to any via xl1

xl1 is the outer NIC.

My question is: can I do the following:

    add check-state
    add divert 8668 ip from any to any via xl1 keep-state

I am trying to keep-state for diverted packets. Is this a more secure
way to divert packets (if it really works), or should the first do it?

Thanks,
Noor

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message