Date: Mon, 25 Jun 2001 15:45:09 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: Tim Erlin <tperlin@yahoo.com>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw -- fwd, divert, natd -redirect_port?
Message-ID: <Pine.BSF.4.21.0106251459010.42332-100000@cody.jharris.com>
In-Reply-To: <20010625183512.91569.qmail@web11706.mail.yahoo.com>

On Mon, 25 Jun 2001, Tim Erlin wrote:

> So is there a distinction between adding a divert statement to my ipfw
> config and adding a -redirect_port statement to my natd config file?

Yeh, I did a poor job explaining that part. natd is a userland daemon that runs separate from ipfw. The divert ipfw statement is used to send packets between the kernel (ipfw) and that natd daemon, which actually changes the src/dest and reinjects back into the kernel (ipfw).

Maybe this will help:

1) Packet Processing processes firewall rules looking for match
2) Divert rule matched
   2.1) Kernel sends packet to port specified in divert rule
   2.2) natd, listening on that port (8668), receives packet
   2.3) natd makes changes to src/dest
   2.4) natd sends packet back to kernel
3) Packet processing continues AFTER the divert rule

It's actually more complicated than that, but you should get the point that natd needs 'ipfw divert' to function properly.

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
   "FreeBSD: The Power to Serve!"
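
The numbered flow in the message above can be modelled in a few lines. This is an added example, not part of Nick's message and not FreeBSD code. It is a simplified model with constructed rule numbers, addresses and names. It shows why an allow rule written against the translated address only matches when it is numbered after the divert rule, and that a divert rule with no daemon bound to its port drops the packet (as divert(4) documents).

```python
# Simplified model of the divert loop from the message; every name and address is constructed.
NATD_PORT = 8668
PUBLIC_IP = "203.0.113.1"                       # constructed outside address
REDIRECTS = {("tcp", 80): ("192.168.0.2", 80)}  # models: natd -redirect_port tcp 192.168.0.2:80 80

def natd(pkt):
    """Steps 2.2-2.4: userland rewrites src/dest and returns the packet."""
    pkt = dict(pkt)
    key = (pkt["proto"], pkt["dport"])
    if pkt["dir"] == "out":
        pkt["src"] = PUBLIC_IP                  # hide the inside source
    elif key in REDIRECTS:
        pkt["dst"], pkt["dport"] = REDIRECTS[key]
    return pkt

def process(rules, pkt, listeners):
    """Steps 1-3: walk rules in number order; return (verdict, packet, trace)."""
    trace = []
    for rule in sorted(rules, key=lambda r: r["num"]):
        if any(pkt.get(k) != v for k, v in rule["match"].items()):
            continue
        trace.append(rule["num"])
        if rule["action"] != "divert":
            return rule["action"], pkt, trace
        daemon = listeners.get(rule["port"])
        if daemon is None:                      # no socket bound to the divert port
            return "drop", pkt, trace
        pkt = daemon(pkt)                       # reinjected: matching resumes AFTER this rule
    return "deny", pkt, trace

DIVERT = {"num": 100, "action": "divert", "port": NATD_PORT, "match": {}}
DENY = {"num": 65535, "action": "deny", "match": {}}
ALLOW_WEB = {"action": "allow", "match": {"dst": "192.168.0.2", "dport": 80}}
INBOUND = {"dir": "in", "proto": "tcp", "src": "198.51.100.7", "dst": PUBLIC_IP, "dport": 80}

if __name__ == "__main__":
    live = {NATD_PORT: natd}
    after = [DIVERT, dict(ALLOW_WEB, num=200), DENY]
    before = [dict(ALLOW_WEB, num=50), DIVERT, DENY]
    for name, rules, listeners in (("allow after divert", after, live),
                                   ("allow before divert", before, live),
                                   ("natd not running", after, {})):
        verdict, pkt, trace = process(rules, INBOUND, listeners)
        print(f"{name}: {verdict} dst={pkt['dst']} rules={trace}")
```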