From owner-freebsd-questions Thu Feb 21 12:16:25 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from ulixes.esc.ac.at (ulixes.esc.ac.at [193.170.216.34]) by hub.freebsd.org (Postfix) with ESMTP id 727B137B417 for ; Thu, 21 Feb 2002 12:16:14 -0800 (PST)
Received: from ulixes.esc.ac.at (localhost.esc.ac.at [127.0.0.1]) by ulixes.esc.ac.at (8.12.2/8.12.2) with ESMTP id g1LKGCHr051631; Thu, 21 Feb 2002 21:16:12 +0100 (CET) (envelope-from flo@ulixes.esc.ac.at)
Received: (from flo@localhost) by ulixes.esc.ac.at (8.12.2/8.12.2/Submit) id g1LKGCWK051630; Thu, 21 Feb 2002 21:16:12 +0100 (CET) (envelope-from flo)
Date: Thu, 21 Feb 2002 21:16:12 +0100
From: Florian Nigsch
To: "Scott M. Nolde" , freebsd-questions@freebsd.org
Subject: Re: IPFW rules
Message-ID: <20020221211612.A51456@nigsch.com>
References: <20020221192954.A50541@nigsch.com> <20020221133942.B53679@smnolde.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020221133942.B53679@smnolde.com>; from scott@smnolde.com on Thu, Feb 21, 2002 at 01:39:42PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

That's totally clear to me. But I wanted to know what happens if I send out a packet from the machine with IP 192.168.1.2 which first goes to 192.168.1.1 (ed1), which is at the same time 1.2.3.4 (ed0), and is then sent out to the internet over ed0.

Is the packet caught by

1) count ip from 192.168.1.0/24 to any out via ed0
2) count ip from 192.168.1.0/24 to any
3) count ip from any to any out via ed0
4) count ip from 1.2.3.4 to any out via ed0

?

I think it is caught by rules 1 to 3.
--> Is it also caught by rule 4 because of natd?

Rule 2 also counts the internal traffic.
Rule 3 - in my opinion - catches everything originating on the inside net AND also the packets originating on the outside IP number, whereas rule 4 ONLY catches the packets originating on the outside IP.

Conclusions: (just to be sure)

rule 2 minus rule 1 = internal traffic
rule 3 minus rule 1 = outgoing traffic from official IP, which should be the same as the counter for rule 4

Am I right?

On Thu, Feb 21, 2002 at 01:39:42PM -0500, Scott M. Nolde wrote:
> I use the skipto function of ipfw:
> # ipfw show | head
> 00010 894628 264432483 skipto 50 ip from any to any in recv dc0
> 00020 1021767 135654843 skipto 50 ip from any to any out xmit dc0
>
> then rule 50 is the first rule of my normal ipfw ruleset.
---end quoted text---

--
---
Florian Nigsch
http://flo.nigsch.com/
PGP key: http://flo.nigsch.com/fnigsch.asc
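The question of whether rule 4 sees the packet "because of natd" comes down to rule order: ipfw evaluates rules by number, the natd divert rule rewrites the source of an outbound packet to the public address, and the translated packet re-enters the ruleset at the rule after the divert. So a count rule placed before the divert sees 192.168.1.2 and one placed after it sees 1.2.3.4. The model below is an added example written for this archive, not code from the thread or from FreeBSD; it only implements the subset of ipfw syntax used in the question (source prefix, `out`, `via <iface>`), uses a constructed two-hop packet path (in on ed1, out on ed0), and models natd as outbound source rewriting only (inbound destination translation is left out). It runs the four count rules of the question with the divert placed either before or after them.

```python
"""Toy model of how ipfw evaluates 'count' rules around a natd divert.

Constructed for illustration; it is not ipfw and covers only the rule
syntax used in the thread: a source prefix or 'any', optional 'out'/'in',
and 'via <iface>'.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str       # interface the packet crosses at this hop
    direction: str   # "in" or "out"


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                       # "count" or "divert"
    src: str                          # CIDR prefix, host address or "any"
    direction: Optional[str] = None   # "in", "out" or None (either way)
    iface: Optional[str] = None       # 'via <iface>': matches in either direction


def matches(rule: Rule, pkt: Packet) -> bool:
    """Match the rule's source prefix, direction and interface against one hop."""
    if rule.src != "any" and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    return True


def run_ruleset(rules, hops, nat_public: str) -> dict:
    """Walk every hop of the packet through the ruleset in rule-number order.

    A matching 'divert' rule stands in for natd: on an outbound hop the source
    address is rewritten to the public address and evaluation continues with
    the next rule, which is where the translated packet re-enters ipfw.
    """
    rules = sorted(rules, key=lambda r: r.number)
    counts = {r.number: 0 for r in rules if r.action == "count"}
    for pkt in hops:
        for rule in rules:
            if not matches(rule, pkt):
                continue
            if rule.action == "count":
                counts[rule.number] += 1
            elif rule.action == "divert" and pkt.direction == "out":
                pkt = replace(pkt, src=nat_public)   # natd source rewrite
    return counts


# The four count rules from the question, numbered by their position in the list.
COUNT_RULES = [
    Rule(100, "count", "192.168.1.0/24", "out", "ed0"),  # rule 1
    Rule(200, "count", "192.168.1.0/24"),               # rule 2
    Rule(300, "count", "any", "out", "ed0"),            # rule 3
    Rule(400, "count", "1.2.3.4/32", "out", "ed0"),     # rule 4
]

# Constructed path of one packet from 192.168.1.2 to a host on the internet:
# it enters on ed1 and leaves on ed0, where natd rewrites the source to 1.2.3.4.
HOPS = [
    Packet("192.168.1.2", "198.51.100.7", "ed1", "in"),
    Packet("192.168.1.2", "198.51.100.7", "ed0", "out"),
]


def counts_with_divert_at(divert_number: int) -> dict:
    """Counter values after the packet passes, with the natd divert at that rule number."""
    divert = Rule(divert_number, "divert", "any", None, "ed0")
    return run_ruleset(COUNT_RULES + [divert], HOPS, "1.2.3.4")


if __name__ == "__main__":
    print("divert before the counters:", counts_with_divert_at(50))
    print("divert after the counters: ", counts_with_divert_at(500))
```

With the divert after the counters (rule 500) the model gives rules 1 to 3 one hit each, rule 2 a second hit for the inbound hop on ed1, and rule 4 nothing, which is the reading in the message above. With the divert ahead of the counters (rule 50) rule 1 no longer fires, because the source is already 1.2.3.4 when it is evaluated, while rule 4 does. The arithmetic "rule 3 minus rule 1 = traffic from the official IP" therefore only holds when all four counters sit before the divert; the safe habit is to check `ipfw show` for where the divert rule is numbered before trusting differences between counters.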