From owner-freebsd-questions Mon Jun 11 9:24:54 2001
Date: Mon, 11 Jun 2001 12:24:37 -0400 (EDT)
From: Jim Freeze
Subject: Need help with meaning of divert
Sender: owner-freebsd-questions@FreeBSD.ORG

Hi:

I have a firewall using natd. When I list the rules,
I get a rule 0100 divert:

  # ipfw list
  [...snipped]
  00050 allow tcp from any to 24.9.218.175 80 setup
  00100 divert 8668 ip from any to any via vx0
  00150 allow ip from any to any via lo0
  [...snipped]

In /etc/rc.firewall I have the rules 0050 and 00150,
but 0100 is added by default (i.e., it is not in /etc/rc.firewall).

Can someone explain to me what this rule does?

Also, I copied my original rule set from mostgraveconcern
but found that some of the rules did not work because
they came after rule 100.

So, for example, I had to put

  allow tcp from any to 24.9.218.175 80 setup

at 0050 for my webserver to work. I had to do the same
with ssh, cvs and mail.

This raises three issues:

  1) It gets kind of crowded below 100
  2) How does one move divert to a higher number?
  3) What rules need to be before divert?

Any insight is greatly appreciated.

=========================================================
Jim Freeze
jim@freeze.org
---------------------------------------------------------
No comment at this time.
http://www.freeze.org
=========================================================