Date: Tue, 20 Oct 1998 10:03:35 -0700 (PDT)
From: Dan Busarow <dan@dpcsys.com>
To: Dan Langille <junkmale@xtra.co.nz>
Cc: Matt Prigge <prigge@bucknell.edu>, FreeBSD Questions List <freebsd-questions@FreeBSD.ORG>
Subject: Re: More IPFW/natd trouble, but I'm close!
Message-ID: <Pine.BSF.3.96.981020100014.3227H-100000@java.dpcsys.com>
In-Reply-To: <199810200934.WAA15675@witch.xtra.co.nz>
On Tue, 20 Oct 1998, Dan Langille wrote:
> If I read this correctly, we have two conflicting views. One says do the
> divert early. The other says do the divert late.
Not sure where you are seeing a divert late view. From the natd
man page (and Matt's post)
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any
The second line depends on your interface (change ed0 as appropri-
ate) and assumes that you've updated /etc/services with the natd en-
try as above. If you specify real firewall rules, it's best to
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
specify line 2 at the start of the script so that natd sees all
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
packets before they are dropped by the firewall. The firewall rules
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
will be run again on each packet after translation by natd, minus
any divert rules.
Dan
--
Dan Busarow 949 443 4172
Dana Point Communications, a California corporation dan@dpcsys.com
Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82
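
Added example, not part of the original message or of natd/ipfw: a small Python model of the rule processing the quoted man page text describes, showing why a filtering rule placed ahead of the divert rule drops traffic natd never gets to translate. The addresses, the anti-spoofing deny rule, the toy natd() function and the default-deny fallthrough are assumptions made for illustration; every packet in the model is taken to be crossing ed0.

```python
import ipaddress

PUBLIC_IP = "203.0.113.1"                        # constructed outside address on ed0
INSIDE = ipaddress.ip_network("192.168.1.0/24")  # constructed inside network

def natd(pkt):
    """Toy stand-in for natd: rewrite an inside source address to PUBLIC_IP."""
    out = dict(pkt)
    if ipaddress.ip_address(pkt["src"]) in INSIDE:
        out["src"] = PUBLIC_IP
    return out

def src_in(net):
    """Build a matcher for 'from <net> to any'."""
    network = ipaddress.ip_network(net)
    return lambda pkt: ipaddress.ip_address(pkt["src"]) in network

def match_any(pkt):
    return True

def run(rules, pkt, reinjected=False):
    """First matching rule decides. A divert hands the packet to natd, then the
    translated packet goes through the rules again, minus any divert rules."""
    for action, matches in rules:
        if action == "divert" and reinjected:
            continue
        if not matches(pkt):
            continue
        if action == "divert":
            return run(rules, natd(pkt), reinjected=True)
        return action, pkt
    return "deny", pkt  # assumption: nothing matched, default deny

DIVERT = ("divert", match_any)               # divert natd all from any to any via ed0
FILTER = ("deny", src_in("192.168.0.0/16"))  # hypothetical "real firewall rule"
PASS = ("pass", match_any)                   # pass all from any to any

DIVERT_FIRST = [DIVERT, FILTER, PASS]
DIVERT_LATE = [FILTER, DIVERT, PASS]

# Constructed packet: inside host talking to an outside host, leaving via ed0.
OUTBOUND = {"src": "192.168.1.10", "dst": "198.51.100.7"}

if __name__ == "__main__":
    for name, rules in (("divert first", DIVERT_FIRST), ("divert late", DIVERT_LATE)):
        action, pkt = run(rules, OUTBOUND)
        print(f"{name}: {action} src={pkt['src']}")
```

With the divert rule first, the packet leaves with the translated source address; with the deny rule ahead of it, the packet is dropped while it still carries its private source address.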
