Date: Thu, 17 May 2001 12:51:55 -0700 From: "Brandt Everett" <everett@bentonrea.com> To: <stable@FreeBSD.ORG> Subject: ipfw Message-ID: <002c01c0df0a$d4539b90$632807d8@prosser.bentonrea.org> In-Reply-To: <20010517162218.C253@speedy.gsinet>
next in thread | previous in thread | raw e-mail | index | archive | help
I think this is correct but can someone please verify with me
Situtation:
I have a firewall with the following rules.
${fwcmd} add pass ip from ${net1} to ${net2}
${fwcmd} add pass ip from ${net2} to ${net1}
${fwcmd} add divert natd all from any to any via ${natd_interface}
Here is my question. If a packet matches one of the first two rules, does
it drop out of the rule set and continue on? I know that the divert will
insert the packet back into the rule list on the next numbered rule.
Also, on a machine with two interfaces, is there somewhere I can find a
order for the process or is this right.
example:
(incoming
packet)->(outsideif)->(ipfwrule)->(natd)->(ipfwrule)->(insideif)->continues
on...
(outgoing packet)<-(outsideif)<-(ipfwrul)<-(natd)<-(ipfwrule)<-(insideif)<-
starting packet..
Can someone help clear this up?
Thanks
Brandt Everett
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
phone: 1-800-398-1232 x 234
webpage: www.bentonrea.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002c01c0df0a$d4539b90$632807d8>