Date: Mon, 2 Jun 2003 16:27:10 -0700 (PDT)
From: Paulo Roberto
To: freebsd-security@freebsd.org
Subject: Re: Packet flow through IPFW+IPF+IPNAT ?
Message-ID: <20030602232710.20360.qmail@web14908.mail.yahoo.com>
In-Reply-To: <20030602200857.T6733-100000@cactus.fi.uba.ar>

--- Fernando Gleiser wrote:
> On Mon, 2 Jun 2003, Vlad GALU wrote:
> Or, in other words, IPF always 'sees' the real IPs, not the NATed
> ones.

Is it also true for IPFW? Do the rules always apply to the real
addresses instead of the natted ones?

So why must the "divert natd" rule be the first rule in ipfw? (In
rc.firewall it is rule 00050.) Is the packet reinserted on the queue, or
does it just wait for a "pass" rule so it can be put on rule #00050 and
go on?

TIA

Paulo Roberto