From owner-freebsd-questions Tue Oct 20 10:03:09 1998
Date: Tue, 20 Oct 1998 10:03:35 -0700 (PDT)
From: Dan Busarow
To: Dan Langille
cc: Matt Prigge, FreeBSD Questions List
Subject: Re: More IPFW/natd trouble, but I'm close!
In-Reply-To: <199810200934.WAA15675@witch.xtra.co.nz>

On Tue, 20 Oct 1998, Dan Langille wrote:
> If I read this correctly, we have two conflicting views. One says do the
> divert early. The other says do the divert late.

Not sure where you are seeing a divert late view. From the natd man page
(and Matt's post)

        /sbin/ipfw -f flush
        /sbin/ipfw add divert natd all from any to any via ed0
        /sbin/ipfw add pass all from any to any

    The second line depends on your interface (change ed0 as appropriate)
    and assumes that you've updated /etc/services with the natd entry as
    above.  If you specify real firewall rules, it's best to specify
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    line 2 at the start of the script so that natd sees all packets
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    before they are dropped by the firewall.  The firewall rules will
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    be run again on each packet after translation by natd, minus any
    divert rules.

Dan
--
 Dan Busarow                                            949 443 4172
 Dana Point Communications, a California corporation  dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4  8D 09 DB FD E1 DD 0C 82
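
The ordering advice quoted from the natd man page can be checked mechanically. The following is an added example, not part of the original message or the man page: a small sh/awk lint that reads an ipfw rules script and reports any filter rule that would run before the divert rule. The function names and the sample rule sets are constructed for illustration, and it assumes the script starts from a flushed rule list with unnumbered rules auto-numbered in steps of 100.

```shell
#!/bin/sh
# check_divert_order (hypothetical helper): read an ipfw rules script on stdin.
# Returns 0 if the divert rule runs before every filter rule,
# 1 if some filter rule runs first, 2 if no divert rule is present.
check_divert_order() {
    awk '
        # Only "ipfw add ..." lines define rules; flush and comments are skipped.
        $1 ~ /ipfw$/ && $2 == "add" {
            i = 3
            if ($i ~ /^[0-9]+$/) { num = $i + 0; i++ }  # explicit rule number
            else                 { num = max + 100 }     # assumed auto-numbering
            if (num > max) max = num
            if ($i == "divert") {
                if (!dnum || num < dnum) dnum = num      # lowest-numbered divert
            } else if ($i ~ /^(allow|pass|accept|permit|deny|drop|reject)$/) {
                n++; rnum[n] = num; ract[n] = $i; rline[n] = NR
            }
        }
        END {
            if (!dnum) { print "no divert rule found"; exit 2 }
            # ipfw evaluates in rule-number order, so compare numbers, not lines.
            for (k = 1; k <= n; k++)
                if (rnum[k] < dnum) {
                    printf "line %d: %s rule %d runs before divert rule %d\n",
                           rline[k], ract[k], rnum[k], dnum
                    bad = 1
                }
            if (bad) exit 1
            print "ok: divert rule " dnum " precedes all filter rules"
        }'
}

# Constructed sample: the three rules quoted from the natd man page.
good_rules() { cat <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any
EOF
}

# Constructed sample: a deny rule placed ahead of the divert rule.
late_rules() { cat <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw add deny tcp from any to any 23
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any
EOF
}
```

Run it as `check_divert_order < /path/to/rules-script`; a nonzero exit status marks a script whose filter rules can act on packets before natd has seen them.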