From owner-freebsd-net Tue Aug 8 2:54:21 2000 Delivered-To: freebsd-net@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 61E9B37B77D for ; Tue, 8 Aug 2000 02:54:11 -0700 (PDT) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.9.3/1.13) id MAA18621; Tue, 8 Aug 2000 12:53:33 +0300 (EEST) Date: Tue, 8 Aug 2000 12:53:32 +0300 From: Ruslan Ermilov To: "G.B.Naidu" Cc: freebsd-net@FreeBSD.org Subject: Re: divert rule in ipfw... Message-ID: <20000808125332.A17316@sunbay.com> Mail-Followup-To: "G.B.Naidu" , freebsd-net@FreeBSD.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from gbnaidu@sasi.com on Tue, Aug 08, 2000 at 02:39:25PM +0530 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Aug 08, 2000 at 02:39:25PM +0530, G.B.Naidu wrote: > > Hi, > > I have a ipfw rule like this: > > ipfw add divert natd all from any to any via de0 > > This will divert all packets to natd. But I would like to divert all > packets except the packets generated from the machine say 10.0.16.63 where > the natd is running. For this I tried to use some thing like this: > > ipfw add divert natd not 10.0.16.63 to not 10.0.16.63 via de0 > > Still looks like it diverts all the packets. Can some body let me know > how do I avoid divreting packets generated from the machine where the natd > is running. > The above rule works like expected here. You can always add a `log' keyword to it and see what actual packets match the rule. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message