Date:      Tue, 16 Jul 2002 15:30:47 +0400
From:      boris karlov <borman@blank.spb.ru>
To:        ipfw@FreeBSD.ORG
Cc:        Ruslan Ermilov <ru@FreeBSD.ORG>
Subject:   Re: keep-state rule before nat
Message-ID:  <20020716113047.GC4470@xy.blank.spb.ru>
In-Reply-To: <20020213105807.B46245@sunbay.com>
References:  <3C6A38F2.8B65E6EC@jet.msk.su> <20020213105807.B46245@sunbay.com>

On Wed, 13 Feb 2002 10:58:07 +0200, Ruslan Ermilov <ru@FreeBSD.ORG> wrote:
> On Wed, Feb 13, 2002 at 11:59:14AM +0200, Andrew V. Jemerya wrote:
> > Hi, guys!
> > 
> > I had some trouble with keep-state rules recently.
> > My firewall rules are the following:
> > 
> > check-state
> > allow tcp from any to xxxx 25 keep-state
> > allow udp from any 53 to xxx 53 keep-state
> > 
> > divert natd from 192.168.0.0/24 to any out via rl0
> > divert from any to xxx in via rl0
> > 
> > 
> > allow all from 192.168.0.4 to any via rl1 keep-state
> > 
> > This construction doesn't work properly, but exactly it doesn't work at
> > all.
> > What can I do for this situation?
> > 
> Keep-state combined with divert is really tricky.
> Search ML archives for a possible solution.  I
> posted them once.
> 

-- Alas, I can't find something appropriate in ML archives. I've failed with
Google too.
Does anybody have a recipe? URL or paper?

Finally I can't realize which rules I get from `keep-state' match in this
case.

10x in advance,
boris karlov.
