From owner-freebsd-questions  Fri Feb 22  3:10:18 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38])
	by hub.freebsd.org (Postfix) with ESMTP id A0A8E37B402
	for <questions@FreeBSD.ORG>; Fri, 22 Feb 2002 03:10:14 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc51.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020222111014.JWDA2626.rwcrmhc51.attbi.com@blossom.cjclark.org>;
          Fri, 22 Feb 2002 11:10:14 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g1MBAE984451;
	Fri, 22 Feb 2002 03:10:14 -0800 (PST)
	(envelope-from cjc)
Date: Fri, 22 Feb 2002 03:10:14 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Joe & Fhe Barbish <barbish@a1poweruser.com>
Cc: Drew Tomlinson <drew@mykitchentable.net>,
	FBSDQ <questions@FreeBSD.ORG>
Subject: Re: Migrate from IPF to IPFW
Message-ID: <20020222031014.N48401@blossom.cjclark.org>
References: <00a501c1aa82$e1d508f0$c42a6ba5@lc.ca.gov> <LPBBIGIAAKKEOEJOLEGOCEGFCIAA.barbish@a1poweruser.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <LPBBIGIAAKKEOEJOLEGOCEGFCIAA.barbish@a1poweruser.com>; from barbish@a1poweruser.com on Thu, Feb 21, 2002 at 06:46:23PM -0500
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, Feb 21, 2002 at 06:46:23PM -0500, Joe & Fhe Barbish wrote:
> Don't know how far you have gotten, but I just completed doing the same
> thing.  First thing is to remove the natd divert rule from your ipfw rules.
> Natd and ipfw were never designed to work together.

That's not really accurate. First there was ipfw(8). Then natd(8) was
created to work with ipfw(8) using divert(4) sockets. It was later
that 'keep-state' capabilities were added to ipfw(8), and it is
'keep-state' that is tricky to get to work with natd(8).
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message