From owner-freebsd-net Tue Aug 8 7:13:57 2000
Delivered-To: freebsd-net@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id 817A737B8D3 for ; Tue, 8 Aug 2000 07:13:42 -0700 (PDT) (envelope-from nick@rapidnet.com)
Received: from localhost (nick@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id IAA07450; Tue, 8 Aug 2000 08:13:25 -0600 (MDT)
Date: Tue, 8 Aug 2000 08:13:25 -0600 (MDT)
From: Nick Rogness
To: "G.B.Naidu"
Cc: freebsd-net@FreeBSD.org
Subject: Re: divert rule in ipfw...
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 8 Aug 2000, G.B.Naidu wrote:

>
> This will divert all packets to natd. But I would like to divert all
> packets except the packets generated from the machine, say 10.0.16.63, where
> the natd is running. For this I tried to use something like this:
>
> ipfw add divert natd not 10.0.16.63 to not 10.0.16.63 via de0
>
> Still looks like it diverts all the packets. Can somebody let me know
> how I avoid diverting packets generated from the machine where the natd
> is running.
>

Add a rule before the natd rule to allow traffic from this machine (10.0.16.63) to any.

Example:

ipfw add 50 allow ip from 10.0.16.63 to any
ipfw add 51 allow ip from any to 10.0.16.63
ipfw add 100 divert natd ip from any to any via de0

That is how I've always done it. However, the rule you are using should work...

Nick Rogness
- Drive defensively. Buy a tank.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
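To make the ordering argument in the reply concrete, here is an added model of ipfw's first-match rule walk, run over the two rulesets from the thread (the three-rule "allow before divert" set and the single negated divert rule). This is illustrative code written for this page, not anything from the thread or from FreeBSD; it assumes a default-deny policy when no rule matches, uses a leading "!" to stand in for ipfw's "not", and adds a constructed catch-all allow after the negated rule so non-diverted traffic has somewhere to land.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Packet:
    src: str
    dst: str
    iface: str = "de0"

@dataclass
class Rule:
    number: int
    action: str                 # "allow" or "divert natd"
    src: str = "any"            # address or "any"; leading "!" models ipfw "not"
    dst: str = "any"
    via: Optional[str] = None   # "via de0" matches packets in or out on de0

def addr_match(pattern: str, addr: str) -> bool:
    negate = pattern.startswith("!")
    pat = pattern.lstrip("!")
    hit = pat == "any" or pat == addr
    return not hit if negate else hit

def rule_match(rule: Rule, pkt: Packet) -> bool:
    if rule.via is not None and rule.via != pkt.iface:
        return False
    return addr_match(rule.src, pkt.src) and addr_match(rule.dst, pkt.dst)

def first_match(rules: List[Rule], pkt: Packet) -> str:
    """ipfw walks rules in ascending number order; the first match decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_match(rule, pkt):
            return f"{rule.number} {rule.action}"
    return "65535 deny"   # assumption: default-deny kernel policy

NATD_HOST = "10.0.16.63"

# Nick's ruleset: explicit allows numbered ahead of the divert rule.
ALLOW_FIRST = [
    Rule(50, "allow", src=NATD_HOST),
    Rule(51, "allow", dst=NATD_HOST),
    Rule(100, "divert natd", via="de0"),
]

# The negated single rule quoted in the question, plus a constructed catch-all.
NEGATED = [
    Rule(100, "divert natd", src="!" + NATD_HOST, dst="!" + NATD_HOST, via="de0"),
    Rule(65000, "allow"),
]
```

Packets from or to 10.0.16.63 stop at rule 50 or 51 and never reach the divert, while a LAN client's packet on de0 falls through to rule 100; traffic on another interface matches nothing and hits the default policy.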