From owner-freebsd-questions  Tue Aug 11 15:44:00 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA19729
          for freebsd-questions-outgoing; Tue, 11 Aug 1998 15:44:00 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA19724
          for <freebsd-questions@FreeBSD.ORG>; Tue, 11 Aug 1998 15:43:58 -0700 (PDT)
          (envelope-from julian@whistle.com)
Received: (from daemon@localhost)
	by alpo.whistle.com (8.8.5/8.8.5) id PAA22897;
	Tue, 11 Aug 1998 15:39:13 -0700 (PDT)
Received: from current1.whistle.com(207.76.205.22)
 via SMTP by alpo.whistle.com, id smtpda22888; Tue Aug 11 22:39:04 1998
Date: Tue, 11 Aug 1998 15:38:59 -0700 (PDT)
From: Julian Elischer <julian@whistle.com>
To: Dan Langille <junkmale@xtra.co.nz>
cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipfw and natd
In-Reply-To: <199808110904.VAA25925@cyclops.xtra.co.nz>
Message-ID: <Pine.BSF.3.95.980811153826.29188A-100000@current1.whistle.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

it should be as early as possible..
this will make a difference to the way it works in 3.0

julian


On Tue, 11 Aug 1998, Dan Langille wrote:

> I'm using ifpw and natd.  In order for natd to work, the following rule 
> must be present somewhere within the ipfw rules.
> 
> divert    natd ip   from any              to any           via ed0
> 
> (or whatever your external nic is if it's not ed0).
> 
> Where should that rule be placed in relationship to other rules?  At the 
> top, at the bottom?
> 
> I used to have it as the last rule (before the deny all rule).  But an 
> example I just found 
> (http://www.metronet.com/~pgilley/freebsd/ipfw/ben2.html) has this rule at 
> the top.
> 
> I'm confused.  I thought you'd want to disallow stuff before allowing the 
> natd stuff.  Or am I mucked up?
> 
> --
> Dan Langille
> DVL Software Limited
> http://www.dvl-software.com/freebsd : my [mis]adventures
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message