From owner-freebsd-net@FreeBSD.ORG  Tue Sep  9 10:29:30 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A4B27349
 for <freebsd-net@freebsd.org>; Tue,  9 Sep 2014 10:29:30 +0000 (UTC)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0C904FEC
 for <freebsd-net@freebsd.org>; Tue,  9 Sep 2014 10:29:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id s89ATQ7p016633;
 Tue, 9 Sep 2014 20:29:26 +1000 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Tue, 9 Sep 2014 20:29:26 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: John Case <case@SDF.ORG>
Subject: Re: How can sshuttle be used properly with FreeBSD (and with DNS)
 ?
In-Reply-To: <20140909183722.R58647@sola.nimnet.asn.au>
Message-ID: <20140909195046.L58647@sola.nimnet.asn.au>
References: <Pine.NEB.4.64.1409060233080.2500@faeroes.freeshell.org>
 <20140909183722.R58647@sola.nimnet.asn.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-net@freebsd.org, John Nielsen <lists@jnielsen.net>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Sep 2014 10:29:30 -0000

On Tue, 9 Sep 2014 19:33:05, Ian Smith wrote:

 >   add 1000 divert natd ip from any to any in recv xl0
 >   add 2000 divert natd ip from any to any out xmit xl0

Oops, 'ip' should nowadays be 'ip4|ipv4' for divert rules, if ip6 is
configured on that interface.  Last I heard, ip6 packets break divert.

cheers, Ian