Date: Mon, 20 Sep 2004 10:57:56 -0600
From: Jose Hidalgo Herrera <jose@hostarica.com>
To: Cristian Ursuleanu <cristi@debug.ro>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw & natd
Message-ID: <1095699476.14974.13.camel@jose.hostarica.net>
In-Reply-To: <20040920192709.K29498@debug.ro>
References: <20040920084359.eei75hutjsgs88@.mailhost.wsf.at> <20040920192709.K29498@debug.ro>

You are right, but Tomas too! What is missing here is:
# sysctl -w net.inet.ip.fw.one_pass=1

Use the divert first; with one_pass=1 the packet will be reinjected and
your fwd rule will work just fine.

--- this will do
sysctl -w net.inet.ip.fw.one_pass=1
natd -p 8668 -interface rl0
natd -p 8669 -interface rl1
ipfw add 1000 divert 8668 all from any to any via rl0
ipfw add 2000 divert 8669 all from any to any via rl1
ipfw add 2010 fwd 5.6.7.8 tcp from 10.0.0.0/24 to any 80 out recv ed0
---

-- 
Jose Hidalgo
PGP: 15524480
jose at hostarica.com
http://www.hostarica.com