Problems with ipfw/natd and axe(4)
Ian Smith
smithi at nimnet.asn.au
Mon Apr 15 06:25:13 UTC 2013
On Sun, 14 Apr 2013 10:34:06 -0700, Michael Sierchio wrote:
> On Sun, Apr 14, 2013 at 10:26 AM, Ian Smith <smithi at nimnet.asn.au> wrote:
>
> > 'allow ip' aka 'allow all' doesn't usually take a port number, which
> > applies only to tcp and udp.
>
> It does in ipfw - in which case it means ( udp | tcp )

You're quite right, and my assumption that it would also permit icmp
was quite wrong, after a quick test.

Which appears to leave the bypassed divert not working with rx/txcsum
the only viable suspect. The ruleset is otherwise 'out of the box'.

Does anyone know whether this is an issue with libalias(3) generally -
in which case using nat instead of divert shouldn't help - or just with
natd in particular?

cheers, Ian