From owner-freebsd-stable  Sat Jul 22 15:25:18 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from dns.comrax.com (dns.comrax.com [194.90.246.124])
	by hub.freebsd.org (Postfix) with ESMTP id 7DC0237B506
	for <freebsd-stable@FreeBSD.ORG>; Sat, 22 Jul 2000 15:25:14 -0700 (PDT)
	(envelope-from noor@comrax.com)
Received: by dns.comrax.com (Postfix, from userid 100)
	id C671F1C997; Sun, 23 Jul 2000 01:24:48 +0300 (IDT)
Received: from localhost (localhost [127.0.0.1])
	by dns.comrax.com (Postfix) with ESMTP id BA99A16E22
	for <freebsd-stable@FreeBSD.ORG>; Sun, 23 Jul 2000 01:24:48 +0300 (IDT)
Date: Sun, 23 Jul 2000 01:24:48 +0300 (IDT)
From: <noor@comrax.com>
To: freebsd-stable@FreeBSD.ORG
Subject: divert + keep-state
Message-ID: <Pine.BSF.4.10.10007230120470.94646-100000@dns.comrax.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Hi all,

I have a FreeBSD box with two NIC's that I use to link our internal
network to the outside network. I use ipfw+natd to do this. The following
is the divert rule:

add divert 8668 ip from any to any via xl1

xl1 is the outer NIC. My question is: can I do the following:

add check-state
add divert 8668 ip from any to any via xl1 keep-state

I am trying to keep-state for diverted packets. Is this a better secured
way to divert packets (if it works really), or the first should do it?

Thanks,
Noor



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message