Date: Tue, 20 Oct 1998 22:40:50 +1300 From: "Dan Langille" <junkmale@xtra.co.nz> To: FreeBSD Questions List <freebsd-questions@FreeBSD.ORG> Subject: ipfw: divert natd - early or late? Message-ID: <199810200940.WAA21150@cyclops.xtra.co.nz>
I run ipfw on my subnet. I also run natd as I have one nic for the subnet
and another for my ISP. I've seen two conflicting recommendations lately
regarding the placement of the divert statement.
In fact, rc.firewall for version 2.2.7 comes with natd divert support
built in (see below). And it places the divert very high up.
I'd like to know more. Especially consider the fact that I'm having
trouble with the following rule when using the simple model:
#$fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
Direction from the gurus would be appreciated. Cheers.
extra from rc.firewall:
############
# Flush out the list before we begin.
$fwcmd -f flush
############
# These rules are required for using natd. All packets are passed to natd before
# they encounter your remaining rules. The firewall rules will then be run again
# on each packet after translation by natd, minus any divert rules (see natd(8)).
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
$fwcmd add divert natd all from any to any via ${natd_interface}
fi
--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com
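The following is an added example, not code from the post above or from FreeBSD's rc.firewall: a small Python model of how ipfw walks a ruleset that contains a `divert natd` rule, used to compare the rc.firewall placement (divert first) with a divert placed after the `deny ... to 192.168.0.0:255.255.0.0 via ${oif}` rule. Everything it assumes is labelled in the code: the interface name `ed1` and the public address `203.0.113.5` stand in for `${oif}`/`${natd_interface}` and the ISP-assigned address, which the post does not give; natd is reduced to address-only translation (real natd also tracks ports); `via IFACE` matches a packet in either direction on that interface; a packet written back by natd re-enters the ruleset after the rule that diverted it, which is how divert(4) describes re-injection and is what the rc.firewall comment's "minus any divert rules" amounts to when the divert comes first; and the kernel's default rule 65535 denies.

```python
"""Model of ipfw rule evaluation around a ``divert natd`` rule.

Added example, not code from the original post or from FreeBSD's
rc.firewall. Every assumption the model makes is marked below.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, replace

# Assumed names and addresses; the post gives neither.
OIF = "ed1"                    # ISP-facing interface (${oif} / ${natd_interface})
PUBLIC_IP = "203.0.113.5"      # documentation address standing in for the ISP-assigned one
PRIVATE_NET = ipaddress.ip_network("192.168.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")
DEFAULT_DENY = 65535           # ipfw's implicit last rule; assumed to deny


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str       # interface the packet crosses
    inbound: bool    # True if arriving on iface, False if leaving on it


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                          # "allow", "deny" or "divert"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    via: str | None = None               # "via IFACE": either direction on IFACE (assumption)

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and (self.via is None or self.via == pkt.iface))


class Natd:
    """Address-only NAT; natd also tracks ports, omitted here to keep the model small."""

    def __init__(self) -> None:
        self.sessions: dict[str, str] = {}   # remote address -> private host that spoke to it

    def translate(self, pkt: Packet) -> Packet:
        if not pkt.inbound and ipaddress.ip_address(pkt.src) in PRIVATE_NET:
            self.sessions[pkt.dst] = pkt.src        # outbound: hide the private source
            return replace(pkt, src=PUBLIC_IP)
        if pkt.inbound and pkt.dst == PUBLIC_IP and pkt.src in self.sessions:
            return replace(pkt, dst=self.sessions[pkt.src])   # inbound reply: restore the private host
        return pkt                                  # nothing to translate


def ipfw_check(rules: list[Rule], pkt: Packet, natd: Natd, start_after: int = 0):
    """Return (rule number, action, packet as the deciding rule saw it).

    A packet written back by natd re-enters the ruleset after the rule that
    diverted it (divert(4)), so a divert rule is never hit twice.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.number <= start_after or not rule.matches(pkt):
            continue
        if rule.action == "divert":
            return ipfw_check(rules, natd.translate(pkt), natd, start_after=rule.number)
        return rule.number, rule.action, pkt
    return DEFAULT_DENY, "deny", pkt


# The same three rules in two orders: divert before the poster's deny rule
# (as rc.firewall places it) and divert after it.
DENY_PRIVATE_VIA_OIF = Rule(100, "deny", dst=PRIVATE_NET, via=OIF)
DIVERT_EARLY = [Rule(50, "divert", via=OIF), DENY_PRIVATE_VIA_OIF, Rule(200, "allow")]
DIVERT_LATE = [DENY_PRIVATE_VIA_OIF, Rule(150, "divert", via=OIF), Rule(200, "allow")]


def run_session(rules: list[Rule]) -> dict[str, str]:
    """Push a constructed request, its reply and a stray packet through the rules."""
    natd = Natd()
    request = Packet(src="192.168.1.10", dst="198.51.100.7", iface=OIF, inbound=False)
    reply = Packet(src="198.51.100.7", dst=PUBLIC_IP, iface=OIF, inbound=True)
    # constructed packet from the ISP side addressed straight to a private host
    leak = Packet(src="198.51.100.7", dst="192.168.1.10", iface=OIF, inbound=True)
    return {name: ipfw_check(rules, pkt, natd)[1]
            for name, pkt in (("request", request), ("reply", reply), ("leak", leak))}


if __name__ == "__main__":
    for name, rules in (("divert early", DIVERT_EARLY), ("divert late", DIVERT_LATE)):
        print(f"{name}: {run_session(rules)}")
```

With the divert first, the reply comes back from natd already rewritten to `192.168.1.10`, so the deny rule (which matches packets in either direction on the outside interface) sees a private destination and drops it; with the divert after the deny, the deny rule only ever sees untranslated addresses, still drops the stray packet addressed to `192.168.1.10`, and the translated reply goes on to the allow rule.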