Date: Tue, 8 Aug 2000 08:13:25 -0600 (MDT)
From: Nick Rogness <nick@rapidnet.com>
To: "G.B.Naidu" <gbnaidu@sasi.com>
Cc: freebsd-net@FreeBSD.org
Subject: Re: divert rule in ipfw...
Message-ID: <Pine.BSF.4.21.0008080804390.98170-100000@rapidnet.com>
In-Reply-To: <Pine.LNX.4.21.0008081435000.779-100000@pcd75.sasi.com>

On Tue, 8 Aug 2000, G.B.Naidu wrote:

>
> This will divert all packets to natd. But I would like to divert all
> packets except the packets generated from the machine say 10.0.16.63 where
> the natd is running. For this I tried to use something like this:
>
> ipfw add divert natd not 10.0.16.63 to not 10.0.16.63 via de0
>
> Still looks like it diverts all the packets. Can somebody let me know
> how do I avoid diverting packets generated from the machine where the natd
> is running.
>

Add a rule before the natd rule to allow traffic from this
machine (10.0.16.63) to any. Example:

    ipfw add 50 allow ip from 10.0.16.63 to any
    ipfw add 51 allow ip from any to 10.0.16.63
    ipfw add 100 divert natd ip from any to any via de0

That is how I've always done it. However, the rule you are
using should work...

Nick Rogness
- Drive defensively. Buy a tank.
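
The rule ordering suggested in the reply above, modelled as an added example that is not part of the original message: a small first-match evaluator for the three rules, showing which rule number each packet stops at. The parser covers only the syntax used in this thread, the sample packets are constructed, and 192.0.2.10 and 10.0.16.7 are assumed hosts.

```python
import ipaddress
import re

# Rules exactly as given in the reply above.
RULES = [
    "ipfw add 50 allow ip from 10.0.16.63 to any",
    "ipfw add 51 allow ip from any to 10.0.16.63",
    "ipfw add 100 divert natd ip from any to any via de0",
]

RULE_RE = re.compile(
    r"ipfw add (?P<num>\d+) (?P<action>allow|divert natd) ip "
    r"from (?P<src>\S+) to (?P<dst>\S+)(?: via (?P<iface>\S+))?$"
)

def parse_rule(line):
    """Parse the small subset of ipfw syntax used in this thread."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {line!r}")
    return {**m.groupdict(), "num": int(m["num"])}

def addr_matches(spec, addr):
    """'any' matches everything; otherwise compare against a host or CIDR."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, src, dst, iface):
    """Return (rule number, action) of the first matching rule, lowest number first."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if r["iface"] is not None and r["iface"] != iface:
            continue
        if addr_matches(r["src"], src) and addr_matches(r["dst"], dst):
            return r["num"], r["action"]
    return 65535, "default"  # action of the default rule depends on kernel config

def evaluate(src, dst, iface="de0"):
    return first_match([parse_rule(line) for line in RULES], src, dst, iface)

if __name__ == "__main__":
    # Constructed sample packets: (source, destination).
    for src, dst in [("10.0.16.63", "192.0.2.10"),   # generated by the natd host
                     ("192.0.2.10", "10.0.16.63"),   # addressed to the natd host
                     ("10.0.16.7", "192.0.2.10")]:   # forwarded for another host
        print(src, "->", dst, evaluate(src, dst))
```

Every packet addressed to 10.0.16.63 stops at rule 51. If natd aliases outgoing traffic to that same address (an assumption, the thread does not say), replies to translated connections also arrive addressed to it and are accepted before they reach the divert rule.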