Date:      Sun, 01 Apr 2001 08:11:42 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: ipfw divert question
Message-ID:  <3AC7452E.8C5118EE@elischer.org>
References:  <Pine.SOL.4.21.0103311417130.21524-100000@gradient.cis.upenn.edu>

Alwyn Goodloe wrote:
> 
> Hackers,
> 
>   Here's my question. I have the following FW rules:
> 
> ipfw add 50000 divert natd  tcp from any to any via ep1
> ipfw add 60000 divert 4422  tcp from any  to any 3322  in
> ipfw add 65000 allow ip from any to any
> 
> The first rule is for natd which performs the standard sort of network
> address translations. The second is doing some application specific
> processing.
> 
>  It seems to me that what's happening is that the first divert gets
> executed and the translation is correct. What I then need is for the
> second rule to fire on the translated packet. From several things I have
> read it seems that once one divert rule is executed then the other divert
> rules won't get executed. Am I correct about this?

no

natd should re-inject the (changed) packets just after the rule that
originally diverted them.

> 
>   Any ideas how I can get both divert rules to fire?
> 
> 
>  Alwyn Goodloe
> 
>  agoodloe@gradient.cis.upenn.edu
> 

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000-2001
---> X_.---._/  
            v
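
Added example (not part of the original message, and not FreeBSD code): a simplified Python model of the re-injection behaviour described in the reply, walking the three rules from the question to show the second divert firing on the already translated packet. The daemon stand-ins, the sample addresses and the `reinject_tag` parameter are assumptions made for illustration; rule matching is reduced to the fields these rules test.

```python
# Simplified model of ipfw rule traversal with divert re-injection (not kernel code).
# Rules mirror the three from the question; all addresses are constructed samples.

RULES = [
    (50000, "divert", lambda p: p["proto"] == "tcp" and p["iface"] == "ep1"),
    (60000, "divert", lambda p: p["proto"] == "tcp" and p["dport"] == 3322
                                and p["dir"] == "in"),
    (65000, "allow",  lambda p: True),
]

def natd(pkt):
    """Stand-in for natd: rewrite the destination to an internal host."""
    return dict(pkt, dst="192.168.1.10")

def app_daemon(pkt):
    """Stand-in for the application daemon bound to divert port 4422."""
    return dict(pkt, seen_by_app=True)

DAEMONS = {50000: natd, 60000: app_daemon}

def walk(pkt, reinject_tag=lambda rule_no: rule_no, max_diverts=8):
    """Return (final packet, trace). A divert hands the packet to its daemon;
    the daemon writes it back tagged with a rule number, and the walk resumes
    at the first rule numbered above that tag."""
    trace, resume_after, diverts = [], 0, 0
    while True:
        for number, action, match in RULES:
            if number <= resume_after or not match(pkt):
                continue
            trace.append((number, action, pkt["dst"]))
            if action == "allow":
                return pkt, trace
            diverts += 1
            if diverts > max_diverts:
                raise RuntimeError("divert loop at rule %d" % number)
            pkt = DAEMONS[number](pkt)
            resume_after = reinject_tag(number)
            break  # rescan from the re-entry point
        else:
            return None, trace  # no rule matched (not reached with rule 65000)

if __name__ == "__main__":
    inbound = {"proto": "tcp", "iface": "ep1", "dir": "in",
               "dst": "203.0.113.5", "dport": 3322}
    final, trace = walk(inbound)
    for step in trace:
        print(step)
```

Passing `reinject_tag=lambda n: 0` models a daemon that resets the tag so the packet re-enters at the top of the rule set; the same divert rule then matches again on every pass, which the model reports as a loop.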
