From owner-freebsd-hackers  Sun Apr  1  8:12: 5 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from filk.iinet.net.au (syncopation-dns.iinet.net.au [203.59.24.29])
	by hub.freebsd.org (Postfix) with SMTP id 35D8A37B719
	for <freebsd-hackers@freebsd.org>; Sun,  1 Apr 2001 08:12:01 -0700 (PDT)
	(envelope-from julian@elischer.org)
Received: (qmail 3298 invoked by uid 666); 1 Apr 2001 15:13:59 -0000
Received: from i079-112.nv.iinet.net.au (HELO elischer.org) (203.59.79.112)
  by mail.m.iinet.net.au with SMTP; 1 Apr 2001 15:13:59 -0000
Message-ID: <3AC7452E.8C5118EE@elischer.org>
Date: Sun, 01 Apr 2001 08:11:42 -0700
From: Julian Elischer <julian@elischer.org>
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 5.0-CURRENT i386)
X-Accept-Language: en, hu
MIME-Version: 1.0
To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>
Cc: freebsd-hackers@freebsd.org
Subject: Re: ipfw divert question
References: <Pine.SOL.4.21.0103311417130.21524-100000@gradient.cis.upenn.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Alwyn Goodloe wrote:
> 
> Hackers,
> 
>   Here's my question. I have the following FW rules:
> 
> ipfw add 50000 divert natd  tcp from any to any via ep1
> ipfw add 60000 divert 4422  tcp from any  to any 3322  in
> ipfw add 65000 allow ip from any to any
> 
> The first rule is for natd which performs the standard sort of network
> address translations. THe second is doing some application specific
> processing.
> 
>  It seems to me that what's happening is that the first divert gets
> executed and the translation is correct. What I then need is for the
> second rule to fire on the translated packet. From several things  I have
> read it seems that once one divert rule is executed then the other dirvert
> rules won't get executed. Am I correct about this.

no

natd should re-inject the (changed) packets just after the rule that
originally diverted them.

> 
>   Any ideas how I can get both divert rules to fire.
> 
> 
>  Alwyn Goodloe
> 
>  agoodloe@gradient.cis.upenn.edu
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000-2001
---> X_.---._/  
            v

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message