From owner-freebsd-questions  Sun Dec 17 14: 6:22 2000
From owner-freebsd-questions@FreeBSD.ORG  Sun Dec 17 14:06:19 2000
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.rdc2.mi.home.com (ha1.rdc2.mi.home.com [24.2.68.68])
	by hub.freebsd.org (Postfix) with ESMTP id 8B0CD37B400
	for <freebsd-questions@freebsd.org>; Sun, 17 Dec 2000 14:06:19 -0800 (PST)
Received: from c265-a.home.com ([24.7.242.199]) by mail.rdc2.mi.home.com
          (InterMail vM.4.01.03.00 201-229-121) with ESMTP
          id <20001217220618.LERA4970.mail.rdc2.mi.home.com@c265-a.home.com>
          for <freebsd-questions@freebsd.org>;
          Sun, 17 Dec 2000 14:06:18 -0800
Message-Id: <5.0.2.1.2.20001217165402.00ac15a0@mail.rdc1.mi.home.com>
X-Sender: jaid@mail.rdc1.mi.home.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Sun, 17 Dec 2000 17:06:14 -0500
To: freebsd-questions@freebsd.org
From: jaid <jaid@home.com>
Subject: IPFW Weirdness (Seeking an explanation)...
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a question in regards to a couple ipfw rules that i have setup.

A little explanation info:
box a: freebsd box running ipfw/natd/iplog and basically, nothing else. 
Interfaces fxp0 (cable) and fxp1(internal)
box b: freebsd box running apache and a few other services.
box c: windows box.

Recently I decided that I wanted to be able to access the apache server on 
box b, from box c, via the cable ip address on box a. I tried a ton of 
different rules, and finally have something that seems to work. However, I 
dont understand why it works, and why it has to be *EXACTLY* like this:

00020 divert 8668 ip from 192.168.0.0/24 to xxx.xxx.xxx.xxx via fxp1
00020 divert 8668 ip from 192.168.0.0/24 to 192.168.0.0/24 via fxp1
(xxx.xxx.xxx.xxx = cable static ip)

If either rule is missing, it wont work. If i change the 192.168.0.0/24 to 
the internal address of box c, it wont work. If both rules are not the same 
number (in this case 00020), it wont work. If the rule listed second here, 
is entered in first, it wont work. It has to be just like its shown, in 
that order, or it doesnt work.

Could someone please explain to me what the heck is making it work?

TIA

-jaid 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message