Message-ID: <002801c2cc0e$dba94ff0$83ee35ca@Beastie>
From: "Barry Irwin"
To: "Mikhail Teterin"
References: <200302040027.30781@aldan>
Subject: Re: Does natd(8) really need to see _all_ packets?
Date: Tue, 4 Feb 2003 07:29:11 +0200
Organization: iTouch Labs
Sender: owner-freebsd-net@FreeBSD.ORG

Your best solution is to add a skipto before the divert rule. You can therefore skip any traffic from a private address to another private address. Anything not matched by the skipto rule gets fed to the divert socket.

Regards.
--
Barry Irwin bvi@itouchlabs.com Tel: +27214875178
Systems Administrator: Networks And Security
iTouch TAS http://www.itouchlabs.com Mobile: +27824457210

----- Original Message -----
From: "Mikhail Teterin"
To:
Sent: Tuesday, February 04, 2003 7:27 AM
Subject: Does natd(8) really need to see _all_ packets?

> Hi!
>
> This question bothered me for a while -- most of the traffic on my LAN
> is just that -- local. Yet my gw/firewall machine only has one interface
> -- with two IP addresses -- private and public on it.
>
> The DSL modem is plugged into the switch just like everything else.
>
> I doubt this is a unique setup.
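The skipto-before-divert arrangement suggested in the reply, written out as an added example that is not part of the original messages. The interface name `fxp0`, the LAN prefix `192.168.1.0/24`, the rule numbers and the helper name `nat_rules` are all assumptions; the output is a rule file of the kind `ipfw <pathname>` reads.

```sh
#!/bin/sh
# Added example: emit ipfw rules that keep LAN-local traffic away from natd.
# Interface, LAN prefix and rule numbers are assumed values, not from the thread.

# nat_rules IFACE LAN_CIDR [SKIP_NO DIVERT_NO AFTER_NO]
# Prints one rule per line, without the leading "ipfw".
nat_rules() {
    iface=$1
    lan=$2
    skip_no=${3:-40}
    divert_no=${4:-50}
    after_no=${5:-100}

    [ -n "$iface" ] && [ -n "$lan" ] || {
        echo "usage: nat_rules IFACE LAN_CIDR [SKIP DIVERT AFTER]" >&2
        return 2
    }

    # skipto only jumps forward. If the numbers are not strictly increasing,
    # private-to-private packets would still hit the divert rule.
    if [ "$skip_no" -ge "$divert_no" ] || [ "$divert_no" -ge "$after_no" ]; then
        echo "rule numbers must satisfy skip < divert < after" >&2
        return 1
    fi

    # 1. LAN-to-LAN packets jump past the divert rule.
    # 2. Everything else on the interface is handed to natd.
    # 3. Stand-in for the site's own filtering rules, which both paths reach.
    cat <<EOF
add $skip_no skipto $after_no ip from $lan to $lan
add $divert_no divert natd ip from any to any via $iface
add $after_no allow ip from any to any
EOF
}

# Print the rule set for review (constructed sample values).
nat_rules "${IFACE:-fxp0}" "${LAN:-192.168.1.0/24}"
```

Packets that skip the divert rule still traverse every rule from the skipto target onward, so any filtering the gateway does belongs at or after that rule number.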