ipfw & natd

Cristian Ursuleanu cristi at debug.ro
Mon Sep 20 13:12:40 PDT 2004


You are right!

But I did some tests, and it seems to work only when:
net.inet.ip.fw.one_pass=0

If net.inet.ip.fw.one_pass=0, then packets are reinjected into the firewall,
and when net.inet.ip.fw.one_pass=1 they are not.

I use FreeBSD 4.10-STABLE and ipfw1.

"net.inet.ip.fw.one_pass: 1
	Forces a single pass through the firewall. If set to 0,
	packets coming out of a pipe will be reinjected into the
	firewall starting with the rule after the matching one.
"


On Mon, 20 Sep 2004, Jose Hidalgo Herrera wrote:

> You are right, but so is Tomas!
>
> what is missing here is:
> # sysctl -w net.inet.ip.fw.one_pass=1
>
> Use the divert first; with one_pass=1 the packet will
> be reinjected and then your fwd rule will work just fine.
>
> --- this will do
>  sysctl -w net.inet.ip.fw.one_pass=1
>
>  natd -p 8668 -interface rl0
>  natd -p 8669 -interface rl1
>
>  ipfw add 1000 divert 8668 all from any to any via rl0
>  ipfw add 2000 divert 8669 all from any to any via rl1
>  ipfw add 2010 fwd 5.6.7.8 tcp from 10.0.0.0/24 to any 80 out recv ed0
> ---
> --
> Jose Hidalgo
> PGP: 15524480
> jose at hostarica.com
> http://www.hostarica.com
>

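The following script is an added example, not code from either poster. It wraps the rule set quoted above (with the `via` keyword that ipfw requires before an interface name) in a small wrapper that refuses to install the rules while net.inet.ip.fw.one_pass is 1, since with that setting a packet returning from the divert socket is accepted immediately and never reaches the fwd rule that follows. The interface names rl0/rl1/ed0, the proxy address 5.6.7.8, the natd ports 8668/8669 and the LAN prefix 10.0.0.0/24 are taken from the thread and are placeholders; installing the rules requires root on a FreeBSD host, everything else runs anywhere.

```shell
#!/bin/sh
# Added example (not from the thread). NAT on two external interfaces plus a
# transparent redirect of LAN port-80 traffic, guarded by the one_pass check.
# Assumed values, adjust before use:
EXT_IF1=rl0
EXT_IF2=rl1
LAN_IF=ed0
LAN_NET=10.0.0.0/24
PROXY=5.6.7.8

# one_pass_allows_reinject "net.inet.ip.fw.one_pass: N"
# Succeeds (0) only when N is 0, i.e. packets coming back from a divert
# socket re-enter the ruleset at the rule after the matching divert.
# Returns 1 when one_pass is 1, 2 when the line is not sysctl output.
one_pass_allows_reinject() {
    case "$1" in
        "net.inet.ip.fw.one_pass: 0") return 0 ;;
        "net.inet.ip.fw.one_pass: "*) return 1 ;;
        *) echo "unexpected sysctl output: $1" >&2; return 2 ;;
    esac
}

# build_ruleset: print the ipfw rule bodies in installation order.
# Divert rules get the lower numbers so that the reinjected packet,
# which resumes after the matching divert, can still hit the fwd rule.
build_ruleset() {
    cat <<EOF
add 1000 divert 8668 all from any to any via $EXT_IF1
add 2000 divert 8669 all from any to any via $EXT_IF2
add 2010 fwd $PROXY tcp from $LAN_NET to any 80 out recv $LAN_IF
EOF
}

# divert_precedes_fwd: sanity check that every divert rule number is lower
# than the fwd rule number, so the ordering assumption above holds.
divert_precedes_fwd() {
    build_ruleset | awk '
        $3 == "divert" && $2 > maxd { maxd = $2 }
        $3 == "fwd" { fwdn = $2 }
        END { exit !(maxd + 0 < fwdn + 0) }'
}

# apply_ruleset: start the two natd instances and install the rules.
# Only meaningful as root on FreeBSD; aborts unless one_pass is 0.
apply_ruleset() {
    if ! one_pass_allows_reinject "$(sysctl net.inet.ip.fw.one_pass)"; then
        echo "set net.inet.ip.fw.one_pass=0 before installing these rules" >&2
        return 1
    fi
    divert_precedes_fwd || { echo "divert rules must precede fwd" >&2; return 1; }
    natd -p 8668 -interface "$EXT_IF1"
    natd -p 8669 -interface "$EXT_IF2"
    build_ruleset | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting of the rule is intended
        ipfw $rule
    done
}

# Run as "sh thisfile.sh apply" to install; without an argument it only
# prints the rules that would be installed.
case "${1:-}" in
    apply) apply_ruleset ;;
    *) build_ruleset ;;
esac
```

Without arguments the script just prints the rules, which makes it easy to diff against `ipfw list` on the box; the one_pass guard is the part the thread is really about, and it is the first thing to check when a fwd rule placed after a divert never seems to fire.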

More information about the freebsd-ipfw mailing list