From owner-freebsd-net@FreeBSD.ORG  Thu Mar 10 09:17:37 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 674C616A4CE
	for <freebsd-net@freebsd.org>; Thu, 10 Mar 2005 09:17:37 +0000 (GMT)
Received: from mxfep02.bredband.com (mxfep02.bredband.com [195.54.107.73])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1C8B643D2F
	for <freebsd-net@freebsd.org>; Thu, 10 Mar 2005 09:17:36 +0000 (GMT)
	(envelope-from john@veidit.net)
Received: from [192.168.20.45] ([213.115.251.220] [213.115.251.220])
          by mxfep02.bredband.com with ESMTP
          id <20050310091734.ENR23781.mxfep02.bredband.com@[192.168.20.45]>;
          Thu, 10 Mar 2005 10:17:34 +0100
Message-ID: <4230109F.60808@veidit.net>
Date: Thu, 10 Mar 2005 10:17:19 +0100
From: John Angelmo <john@veidit.net>
User-Agent: Mozilla Thunderbird 1.0 (X11/20050211)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Nickolay A. Kritsky" <nkritsky@star-sw.com>
References: <41C15E0B.2050503@veidit.net>
	<671282193578.20041216144526@star-sw.com>
In-Reply-To: <671282193578.20041216144526@star-sw.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
Subject: Re: NAT problem with public network
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2005 09:17:37 -0000

Nickolay A. Kritsky wrote:
> Hello John,
> 
> You can use two ways:
> 1. Add 'unregistered_only yes' to your natd.conf
> 2. Run natd on xl2 with -reverse option
> 
> If I were you I would do the first one.
> 

I tried that with this rule on top
ipfw add divert natd log all from any to any via xl0

Well that handles all the packages and just then kicks out the packets 
not to 192.168.20.0/24 to the rest of the IPFW rules, should I do 
something like this instead:
ipfw add divert natd log all from 192.168.20.0/24 to any via xl0 keep-state

I simply want to only nat the right rules and let the rest of the 
packages be handled by ipfw

/John