RE: natd + IPFW (I think i have the solution)

From owner-freebsd-ipfw Fri Aug 11 14:33:56 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from chicago.ADMis.com (chicago.admis.com [208.192.111.99]) by hub.freebsd.org (Postfix) with SMTP id 6E25C37BA0E for ; Fri, 11 Aug 2000 14:33:36 -0700 (PDT) (envelope-from chris.silva@admis.com) Received: From CHICAGO.ADMIS.COM (182.168.181.229[182.168.181.229 port:1677]) by chicago.ADMis.com (Mail essentials server 2.421) with SMTP id: <12799@chicago.ADMis.com> for 8/11/00 4:35:16 PM -0500 Received: by chicago.admis.com with Internet Mail Service (5.5.2650.21) id ; Fri, 11 Aug 2000 16:35:16 -0500 Message-ID: <7353575D98E0D311834F00508BA0FAC91CECDA@chicago.admis.com> From: Chris Silva To: 'Nick Rogness' , TeRrAc Cc: FreeBSD IPFW list Subject: RE: natd + IPFW (I think i have the solution) Date: Fri, 11 Aug 2000 16:35:14 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C003DC.09444472" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C003DC.09444472 Content-Type: text/plain; charset="iso-8859-1" If I recall correct, DIVERT is always done on ${oif} = fxp0 for you. -----Original Message----- From: Nick Rogness [mailto:nick@rapidnet.com] Sent: Friday, August 11, 2000 4:13 PM To: TeRrAc Cc: FreeBSD IPFW list Subject: Re: natd + IPFW (I think i have the solution) On Thu, 10 Aug 2000, TeRrAc wrote: > Hi there, > > In re-reading this mail from Nick I see what my problem might be. My > outside interface is fxp0, and the inside is fxp1. > The packet flow goes like this > > [DSL Gateway] <---> [fxp0 <--> fxp1] <----> {the internal network} > I had the IPFW diverting all packets through fxp1, and it appears that I > need to have them diverted through fxp0 instead. I will not know of course > until I get home and can try it out. > In the meantime of course, can anyone cofirm or deny this? I will confirm that. In your setup divert should be running on your outside interface.. Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message ------_=_NextPart_001_01C003DC.09444472 Content-Type: text/html; charset="iso-8859-1" RE: natd + IPFW (I think i have the solution)

If I recall correct, DIVERT is always done on ${oif} = fxp0 for you.

-----Original Message-----
From: Nick Rogness [mailto:nick@rapidnet.com]
Sent: Friday, August 11, 2000 4:13 PM
To: TeRrAc
Cc: FreeBSD IPFW list
Subject: Re: natd + IPFW (I think i have the solution)

On Thu, 10 Aug 2000, TeRrAc wrote:

> Hi there,
>
>   In re-reading this mail from Nick I see what my problem might be. My
> outside interface is fxp0, and the inside is fxp1.
>   The packet flow goes like this
>
> [DSL Gateway] <---> [fxp0 <--> fxp1] <----> {the internal network}
>   I had the IPFW diverting all packets through fxp1, and it appears that I
> need to have them diverted through fxp0 instead. I will not know of course
> until I get home and can try it out.
> In the meantime of course, can anyone cofirm or deny this?

I will confirm that. In your setup divert should be running on
your outside interface..

Nick Rogness
- Drive defensively. Buy a tank.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

------_=_NextPart_001_01C003DC.09444472-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message