From owner-freebsd-questions  Sat Dec  7 23: 5: 6 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 40DC237B401
	for <questions@FreeBSD.org>; Sat,  7 Dec 2002 23:05:05 -0800 (PST)
Received: from smtp3.jaring.my (smtp3.jaring.my [61.6.32.53])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DB4C043EC5
	for <questions@FreeBSD.org>; Sat,  7 Dec 2002 23:05:03 -0800 (PST)
	(envelope-from kaeru@pd.jaring.my)
Received: from [61.6.159.231] (j217.crc22.jaring.my [61.6.159.231])
	by smtp3.jaring.my (8.11.4/8.11.4) with ESMTP id gB8750w05087
	for <questions@FreeBSD.org>; Sun, 8 Dec 2002 15:05:01 +0800 (MYT)
Subject: ipfw2 and natd
From: Khairil Yusof <kaeru@pd.jaring.my>
To: questions@FreeBSD.org
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-ueYHRV+u2IWs7EdCjTFX"
Organization: 
Message-Id: <1039331069.99425.7.camel@daemon>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.0 
Date: 08 Dec 2002 15:04:29 +0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--=-ueYHRV+u2IWs7EdCjTFX
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Didn't get an answer for this. Is it because it's supposed to be asked
in freebsd-current?

I've found that natd with ipfw2 breaks my simple ipfw rules in which
state information is kept for new outgoing tcp packets:

with 0,1.. as example rule numbers.

0 divert natd all from any to any via tun0
1 allow tcp from any to any out xmit tun0 setup
2 allow tcp from any to any via tun0 established
3 allow icmp from any to any

0 is ok
1 is ok
3 is ok
but 2 doesn't work.

I read in the man, that natd might lose information that might cause
rule 2 to break.=20

What's the proper way to do this with ipfw2?



--=20
Khairil Yusof <kaeru@pd.jaring.my>

--=-ueYHRV+u2IWs7EdCjTFX
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQA98u79DAqnLW/+/X8RAuf4AKCoE6t5RMCOvRNcCNNLXA2zF3g0HQCg8Ooi
V2zVeqFzaEdWLNcoL5D9ymY=
=CC36
-----END PGP SIGNATURE-----

--=-ueYHRV+u2IWs7EdCjTFX--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message