From: "Brandt Everett"
Delivered-To: freebsd-stable@freebsd.org
Subject: ipfw
Date: Thu, 17 May 2001 12:51:55 -0700
Message-ID: <002c01c0df0a$d4539b90$632807d8@prosser.bentonrea.org>
In-Reply-To: <20010517162218.C253@speedy.gsinet>

I think this is correct, but can someone please verify with me?

Situation: I have a firewall with the following rules.

    ${fwcmd} add pass ip from ${net1} to ${net2}
    ${fwcmd} add pass ip from ${net2} to ${net1}
    ${fwcmd} add divert natd all from any to any via ${natd_interface}

Here is my question. If a packet matches one of the first two rules, does it
drop out of the rule set and continue on? I know that the divert will insert
the packet back into the rule list on the next numbered rule.

Also, on a machine with two interfaces, is there somewhere I can find an order
for the process, or is this right?

example:

(incoming packet)->(outsideif)->(ipfwrule)->(natd)->(ipfwrule)->(insideif)->continues on...
(outgoing packet)<-(outsideif)<-(ipfwrule)<-(natd)<-(ipfwrule)<-(insideif)<- starting packet..

Can someone help clear this up?

Thanks

Brandt Everett
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
phone: 1-800-398-1232 x 234
webpage: www.bentonrea.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-