Date: Tue, 4 Feb 2003 08:00:46 +0200 (EET)
From: Emilian Ursu
To: Mikhail Teterin
Cc: Barry Irwin, net@FreeBSD.ORG
Subject: Re: Does natd(8) really need to see _all_ packets?
In-Reply-To: <200302040540.h145evwa062764@corbulon.video-collage.com>

On Tue, 4 Feb 2003, Mikhail Teterin wrote:

> > your best solution is to add a skipto before the divert rule.
>
> Thank you, Barry, but is not that what I'm doing in the sample?
>
> > You can therefore skip any traffic from a private address to another
> > private address. Anything not matched by the skipto rule gets fed to
> > the divert socket.
>
> The trick was to figure out, what could be skipped, and what could not.
> I'm wondering, if I got that right -- it seems to work fine, but does it
> leave something open? Before I can recommend it to others, I'd like to
> be more sure :-)
>

see the example from man firewall
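The skipto-before-divert layout described in the quoted text, as an added example that is not part of the original thread or the sample it refers to. The interface name `fxp0`, the rule numbers, the RFC 1918 network list and the `nat_rules` helper are assumptions; the function only prints the ipfw commands so the resulting order can be reviewed before anything is loaded.

```shell
#!/bin/sh
# Constructed example: emits ipfw commands as text (dry run); nothing is executed.
# Interface name, rule numbers and the network list are assumptions.

PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# nat_rules OIF DIVERT_NUM SKIP_TARGET
# Prints skipto rules for private-to-private traffic, then the divert rule.
nat_rules() {
    oif=$1 divert_num=$2 target=$3
    # skipto only moves forward in the ruleset, so the target must lie
    # past the divert rule or the skipped traffic would still reach natd.
    [ "$target" -gt "$divert_num" ] || {
        echo "skipto target must be greater than the divert rule number" >&2
        return 1
    }
    # Nine skipto rules in steps of 10, all numbered below the divert rule.
    n=$((divert_num - 90))
    [ "$n" -gt 0 ] || {
        echo "divert rule number too low to fit the skipto rules" >&2
        return 1
    }
    for src in $PRIVATE_NETS; do
        for dst in $PRIVATE_NETS; do
            echo "ipfw add $n skipto $target ip from $src to $dst"
            n=$((n + 10))
        done
    done
    # Anything not matched by a skipto rule is fed to the divert socket.
    echo "ipfw add $divert_num divert natd ip from any to any via $oif"
}

# Show the generated ruleset for the assumed values.
nat_rules fxp0 500 1000
```

Skipped packets resume matching at the first rule numbered at or above the target, so the filtering rules that decide what is allowed still have to exist from that number onward.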