ipfw2(stateful)+divert; why divert rule is ignored?
Dennis Olvany
dennisolvany at gmail.com
Mon Mar 13 19:50:46 UTC 2006
> Regular NAT is working properly, but I can't configure NAPT to
> services on server in LAN....
You mean port forwarding?
> 03800 0 0 divert 6893 log logamount 100 tcp from
> 192.168.0.1 80 to any out via tun0
Possibly traffic has already been translated at this point?
> 04700 25 1554 divert 6893 log logamount 100 tcp from any to
> 212.42.xxx.xxx dst-port 80 in via tun0
Why multiple diverts?
> 05000 150 6816 allow log logamount 100 tcp from any to 192.168.0.1
> dst-port 80 in via tun0 setup keep-state
I believe you'll find setup keep-state incompatible with natd.
More information about the freebsd-ipfw
mailing list