Date:      Tue, 12 Jun 2001 10:39:30 -0400 (EDT)
From:      Jim Freeze <jim@freeze.org>
To:        "Patrick O'Reilly" <patrick@mip.co.za>
Cc:        <questions@FreeBSD.ORG>
Subject:   RE: Need help with meaning of divert
Message-ID:  <Pine.BSF.4.32.0106121030460.39601-100000@www.stelesys.com>
In-Reply-To: <NDBBIMKICMDGDMNOOCAIGEIACLAA.patrick@mip.co.za>

Thanks Patrick for the wonderful explanation.

On Tue, 12 Jun 2001, Patrick O'Reilly wrote:

> Basically, what happens when a TCP/IP packet hits an interface is the kernel
> first runs it through your ipfw rules in numeric sequence.  When it hits the
> divert rule the packet will be processed by NATD which will substitute the
> private internal IP with the public external IP of the interface (the IP
> associated with interface 'vx0' in your case).  The packet is then
> re-injected into the ipfw ruleset right after the divert rule.  Other
> translations might happen if natd has been given redirect_port or
> redirect_address directives.
>
> To illustrate, consider this example: your web server is on private IP
> 10.10.10.10, but your firewall's public IP is 24.9.218.175.  There will

How do I know what address will be used for the private IP? I assume that
it can be any of 192.168.x.x or 10.x.x.x?


> Try '# grep divert /etc/* ' to help find it...

/etc/protocols:divert   254     DIVERT          # Divert pseudo-protocol
/etc/rc.firewall:# minus any divert rules (see natd(8)).
/etc/rc.firewall:        $fwcmd add divert natd all from any to any via ${natd_interface}
/etc/rc.firewall.open:$fwcmd add divert natd all from any to any via ${natd_interface}
/etc/rc.network:            echo -n 'Firewall rules loaded, starting divert daemons:'
/etc/services:natd              8668/divert # Network Address Translation

> Hope this helps a bit.

Yes, thanks


=========================================================
Jim Freeze
jim@freeze.org
---------------------------------------------------------
No comment at this time.
http://www.freeze.org
=========================================================
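
Added example, not part of either message: a small Python model of the rule walk quoted above, showing that a filter rule sees the private source address if it is numbered before the divert rule and the translated address if it is numbered after it. The rule numbers, the destination address and the default-deny fallthrough are assumptions, and natd is reduced to source rewriting for outbound packets.

```python
import ipaddress

PUBLIC_IP = "24.9.218.175"   # firewall's public address in the quoted example
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr is in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def natd_outbound(pkt):
    """Simplified natd: rewrite a private source address to the public one."""
    return dict(pkt, src=PUBLIC_IP) if is_private(pkt["src"]) else pkt

def run_ruleset(rules, pkt):
    """Walk rules in numeric order. A divert rule hands the packet to the
    natd model and evaluation resumes at the next rule, which is how
    re-injection after the divert rule is modelled here.
    Returns (verdict, packet, trace of (rule number, action, src seen))."""
    trace = []
    for num, action, match in sorted(rules, key=lambda r: r[0]):
        if not match(pkt):
            continue
        trace.append((num, action, pkt["src"]))
        if action == "divert":
            pkt = natd_outbound(pkt)
            continue
        return action, pkt, trace
    return "deny", pkt, trace   # assumed default-deny when nothing matches

def any_pkt(pkt):
    return True

def private_src(pkt):
    return is_private(pkt["src"])

# Constructed rulesets; the rule numbers are assumptions.
DIVERT_FIRST = [(50, "divert", any_pkt), (100, "deny", private_src),
                (200, "allow", any_pkt)]
FILTER_FIRST = [(40, "deny", private_src), (50, "divert", any_pkt),
                (200, "allow", any_pkt)]

if __name__ == "__main__":
    pkt = {"src": "10.10.10.10", "dst": "198.51.100.7"}   # constructed packet
    for name, rules in (("divert first", DIVERT_FIRST),
                        ("filter first", FILTER_FIRST)):
        print(name, run_ruleset(rules, pkt))
```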

