From owner-freebsd-questions  Mon May 13  3:51:27 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mufasa.swistgroup.com (mufasa.swistgroup.com [64.245.10.163])
	by hub.freebsd.org (Postfix) with ESMTP id 0718B37B401
	for <questions@freebsd.org>; Mon, 13 May 2002 03:51:17 -0700 (PDT)
Received: from timon ([172.16.1.30] helo=timon.swistgroup.com)
	by mufasa.swistgroup.com with esmtp (Exim 3.36 #1)
	id 177DPq-0006XZ-00
	for questions@freebsd.org; Mon, 13 May 2002 12:50:54 +0200
Received: from [172.16.1.3] (helo=steinmail.swistgroup.com)
	by timon.swistgroup.com with esmtp (Exim 3.33 #1)
	id 177DPq-0002Gg-00
	for questions@freebsd.org; Mon, 13 May 2002 12:50:54 +0200
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: IPFW with NATD question...
Disposition-Notification-To: "Max Clements" <clementsm@swistgroup.com>
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Mon, 13 May 2002 12:51:25 +0200
Message-ID: <DEC925D2FB9081448C3D6EC26E85868C02D594@steinmail.swistgroup.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: IPFW with NATD question...
Thread-Index: AcH6bA3xg+U1ha3pSrCHuzHdsG20wQ==
From: "Max Clements" <clementsm@swistgroup.com>
To: <questions@freebsd.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I have IPFW running as my firwall to the 'net with natd for the =
translation.

Problem is using natd with the divert socket to divert all traffic to =
natd,
you end up with a situation where you cannot use stateful rules (at =
least I
can't figure a way out) as an example:

Say an inside machine 192.168.1.10 connects to the outside world via =
IPFW,
with a public address of 196.6.128.200.  If I log the connection =
verbosely I
see the following:

Tcp outgoing from 196.6.128.200 - outside host:port for the outgoing =
packets
of the connection and
Tcp incoming from outside host:port to 192.168.1.10 (which is the inside
address)

Obviously the stateful rule misses the incoming packets with different
distination addresses, consequently the connection fails.

Any suggestions

Regards

Max

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message