From owner-freebsd-ipfw@FreeBSD.ORG  Mon Mar 13 19:50:46 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5A0D716A401
	for <freebsd-ipfw@freebsd.org>; Mon, 13 Mar 2006 19:50:46 +0000 (UTC)
	(envelope-from dennisolvany@gmail.com)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.195])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F2CE243D6E
	for <freebsd-ipfw@freebsd.org>; Mon, 13 Mar 2006 19:50:40 +0000 (GMT)
	(envelope-from dennisolvany@gmail.com)
Received: by wproxy.gmail.com with SMTP id i31so1257816wra
	for <freebsd-ipfw@freebsd.org>; Mon, 13 Mar 2006 11:50:40 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding;
	b=Dwf8KDr40NcKEl4TNssHzwETwVW9J1NtITQF9VhZYrUfZXdg+BmzAIaItcxDm3jlXUXMusvJThwzvG24IqO5CYpLfkCy86s44HagpKrmMlfxt8xVrwW3Y8u6I1LawUZyLr+EAvFiX/pNqyDnxD2to0SH1HVTsXFbrmmBPFxHZqs=
Received: by 10.54.140.9 with SMTP id n9mr802974wrd;
	Mon, 13 Mar 2006 11:50:39 -0800 (PST)
Received: from ?192.168.102.3? ( [67.102.60.210])
	by mx.gmail.com with ESMTP id 39sm3519290wrl.2006.03.13.11.50.38;
	Mon, 13 Mar 2006 11:50:39 -0800 (PST)
Message-ID: <4415CD14.9070000@gmail.com>
Date: Mon, 13 Mar 2006 13:50:44 -0600
From: Dennis Olvany <dennisolvany@gmail.com>
User-Agent: Thunderbird 1.5 (X11/20060211)
MIME-Version: 1.0
To: Vladimir Grigor <xvga@mail.ru>
References: <1438179712.20060310114356@mail.ru>
	<1014435727.20060313174344@mail.ru>
In-Reply-To: <1014435727.20060313174344@mail.ru>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw2(stateful)+divert; why divert rule is ignored?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2006 19:50:46 -0000

>    Regular NAT is working properly, but I can't configure NAPT to
>    services on server in LAN....

You mean port forwarding?

>    03800    0            0 divert 6893 log logamount 100 tcp from
>    192.168.0.1 80 to any out via tun0

Possibly traffic has already been translated at this point?

>    04700   25   1554 divert 6893 log logamount 100 tcp from any to
>    212.42.xxx.xxx dst-port 80 in via tun0

Why multiple diverts?

>    05000  150   6816 allow log logamount 100 tcp from any to 192.168.0.1
>    dst-port 80 in via tun0 setup keep-state

I believe you'll find setup keep-state incompatible with natd.