From owner-freebsd-hackers Sat Mar 31 11:39:17 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from gradient.cis.upenn.edu (GRADIENT.CIS.UPENN.EDU [158.130.67.48]) by hub.freebsd.org (Postfix) with ESMTP id 805AB37B71D for ; Sat, 31 Mar 2001 11:39:15 -0800 (PST) (envelope-from agoodloe@gradient.cis.upenn.edu) Received: from localhost (localhost [127.0.0.1]) by gradient.cis.upenn.edu (8.10.1/8.10.1) with ESMTP id f2VJdEp23495 for ; Sat, 31 Mar 2001 14:39:14 -0500 (EST) Date: Sat, 31 Mar 2001 14:39:14 -0500 (EST) From: Alwyn Goodloe To: freebsd-hackers@freebsd.org Subject: ipfw divert question Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hackers, Here's my question. I have the following FW rules: ipfw add 50000 divert natd tcp from any to any via ep1 ipfw add 60000 divert 4422 tcp from any to any 3322 in ipfw add 65000 allow ip from any to any The first rule is for natd which performs the standard sort of network address translations. THe second is doing some application specific processing. It seems to me that what's happening is that the first divert gets executed and the translation is correct. What I then need is for the second rule to fire on the translated packet. From several things I have read it seems that once one divert rule is executed then the other dirvert rules won't get executed. Am I correct about this. Any ideas how I can get both divert rules to fire. Alwyn Goodloe agoodloe@gradient.cis.upenn.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message