From: "Luiz Morte da Costa Jr"
Reply-To: morte@dsee.fee.unicamp.br
Delivered-To: freebsd-ipfw@freebsd.org
Date: Fri, 1 Mar 2002 12:19:11 -0300 (EST)
Subject: ipfw problem
Message-ID: <30575.200.208.15.217.1014995951.squirrel@tucunare.fee.unicamp.br>

Hi all,

I don't know if this is possible, but ...:

I've installed FreeBSD 4.4 on hardware with 3 NICs.
I've configured:

  nic fxp0: a.b.c.d    -> Internet link, with a valid IP
  nic fxp1: e.f.g.h    -> Internet link, with a valid IP
  nic fxp2: 10.10.10.1 -> Internal link, with a non-valid IP

My default router is a.b.c.29 (the same fxp0 IP class).

I'm using ipfw+nat and the idea is:

  http protocol: out/in via fxp1
  other protocols: out/in via fxp0

- I'm starting nat like this: natd (8668) on the fxp0 nic and natd2 (8669) on the fxp1 nic

- I've used the rules below:

  add 001 divert 8669 tcp from any to any 80
  add 002 divert 8669 tcp from any 80 to any
  add 003 fwd e.f.g.h tcp from any to any 80 via fxp1 (fxp1 IP Class)
  add 004 fwd e.f.g.h tcp from any 80 to any via fxp1 (fxp1 IP Class)
  add 005 skipto 020 tcp from any to any 80
  add 006 skipto 020 tcp from any 80 to any
  add 010 divert 8668 all from any to any
  add 020 allow log all from any to any

- logs:

  Feb 17 11:45:15 fw /kernel: ipfw: 020 Accept 10.10.10.130:1133 209.73.180.8:80 in via fxp2
  (accessing AltaVista from a machine on the internal network: 10.10.10.130)
  Feb 17 11:45:15 fw /kernel: ipfw: 020 Accept e.f.g.h:1133 209.73.180.8:80 out via fxp0

I think the NAT is working fine (logs), but all the internet traffic is passing through fxp0. I have a routing problem and I don't know if I can fix it. In other words, only the http protocol passes through fxp1 and other protocols pass through fxp0.

Thanks in advance,
Luiz Morte.