From owner-freebsd-hackers  Fri Feb 28  4:57:12 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9376937B401; Fri, 28 Feb 2003 04:57:10 -0800 (PST)
Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id DCE8043FBF; Fri, 28 Feb 2003 04:57:08 -0800 (PST)
	(envelope-from maxim@FreeBSD.org)
Received: from news1.macomnet.ru (news1.macomnet.ru [195.128.64.14])
	by relay.macomnet.ru (8.11.6/8.11.6) with ESMTP id h1SCv4F673848;
	Fri, 28 Feb 2003 15:57:04 +0300 (MSK)
Date: Fri, 28 Feb 2003 15:57:04 +0300 (MSK)
From: Maxim Konovalov <maxim@FreeBSD.org>
To: denb <denb@front.ru>
Cc: ipfw@FreeBSD.org, hackers@FreeBSD.org
Subject: Re: Question about divert in ipfw2 on 5.0 release
In-Reply-To: <200302281010.h1SAA3VD087527@www3.mailru.com>
Message-ID: <20030228155353.I91707@news1.macomnet.ru>
References: <200302281010.h1SAA3VD087527@www3.mailru.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


Hello,

On 13:10+0300, Feb 28, 2003, denb wrote:

> I write program simular to natd, witch receives packets at divert port X.
> Question:
> On ipfw1 (FreeBSD 4.7) this rules work excellent:
>
> ipfw add divert X from any to any Y
> ipfw add divert X from any Y to any
>
> We're diverting all received and sended packets (from\to port Y) to divert port X.
> But these rules are not working together with ipfw2 (5.0 Release). Each single rule
> works fine, but when i combine them together only first of them triggers. The order
> doesn't matter.
>
> What am I doing wrong?

Can't reproduce:

# ipfw add 1 divert 1111 tcp from any to any 1973
00001 divert 1111 tcp from any to any dst-port 1973
# ipfw add 2 divert 1111 tcp from any 1973 to any
00002 divert 1111 tcp from any 1973 to any
# nc localhost 1973
# nc -p 1973 localhost 21
# ipfw show 1 2
00001          1         60 divert 1111 tcp from any to any dst-port 1973
00002          1         60 divert 1111 tcp from any 1973 to any

What am I doing wrong? :-)

-- 
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message