ipfw divert with exception?

Foo Ji-Haw jhfoo at nexlabs.com
Mon Jan 2 18:46:14 PST 2006


I've not tried it myself, but putting the exception rules before the
'divert' rule should help, since ipfw exits the rule matching upon first
match.

----- Original Message ----- 
From: "patrick" <gibblertron at gmail.com>
To: <freebsd-questions at freebsd.org>
Sent: Tuesday, January 03, 2006 4:56 AM
Subject: ipfw divert with exception?


> I have a FreeBSD 6.0 machine acting as a router for our office. We use
> natd for address translation, and I have rule like so:
>
> ipfw add divert natd all from any to any via ${ext_if}
>
> To allow incoming SSH access, I have a redirect_port line setup in my
> /etc/natd.conf file, and while it works just fine, I don't like that
> natd has to be running in order for me to SSH into the server.
> (Because, if -- hypothetically of course -- one were to *cough*
> accidentally kill the natd process without realizing this, then
> *ahem*, one would be locked out remotely without any means of fixing
> it. And I'd like to stress that this situation is indeed, uh,
> hypothetical. ;) )
>
> So, I'm sure there is a way for me to create some ipfw rules above the
> divert line to accept incoming SSH traffic and not having it get
> diverted, but I'm at a bit of a loss as to how I can achieve this. The
> current rule I have above this does not do anything to stop the
> traffic from being diverted:
>
> ipfw add accept tcp from any to any 22 in via ${ext_if}
>
> Any help or insight would be greatly appreciated.
>
> Thanks,
>
> Patrick
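As an added example that is not part of the original thread, the following sh script does what the reply suggests: it gives the SSH rules explicit rule numbers lower than the natd divert rule, so they are evaluated first and a matching packet is never diverted. It also includes a small check that reads an `ipfw list` listing and confirms the ordering. The interface name em0, the rule numbers, and the `IPFW=echo` dry-run knob are assumptions for the example. One detail worth noting about the rule Patrick tried: `ipfw add` without a number appends after the highest existing rule, so an accept rule added after the divert rule lands behind it and is never reached for inbound SSH.

```shell
#!/bin/sh
# Added example, not from the original thread: ipfw rules that let inbound
# SSH to the router bypass natd, plus a check that the ordering is right.
# Assumptions: the external interface is em0 (ext_if), the rule numbers are
# arbitrary, and IPFW=echo is a dry-run knob that only prints the commands.

ext_if="${ext_if:-em0}"
IPFW="${IPFW:-ipfw}"

# Plain "ipfw add" (no number) appends after the highest existing rule, so an
# accept rule added after the divert rule can never match first. Giving the
# SSH rules explicit numbers below the divert rule fixes the ordering.
SSH_IN_RULE=100
SSH_OUT_RULE=110
DIVERT_RULE=1000

load_rules() {
    # Inbound SSH to an address of the router itself ("me"): allow is a
    # terminal action, so a matching packet never reaches the divert rule
    # and natd does not need to be running for the connection to come in.
    "$IPFW" add "$SSH_IN_RULE" allow tcp from any to me 22 in via "$ext_if"
    # Replies leave from the router's own port 22; allowing them here keeps
    # the session independent of natd in the outbound direction as well.
    "$IPFW" add "$SSH_OUT_RULE" allow tcp from me 22 to any out via "$ext_if"
    # Everything else crossing the external interface is handed to natd.
    "$IPFW" add "$DIVERT_RULE" divert natd all from any to any via "$ext_if"
}

# Read an "ipfw list" listing on stdin and succeed only if every rule that
# mentions port 22 on the external interface is numbered below the natd
# divert rule for that interface (i.e. is evaluated before it).
check_order() {
    awk -v ifc="$ext_if" '
        $0 ~ /divert natd/ && $0 ~ ("via " ifc) { if (div == "") div = $1 + 0 }
        $0 ~ / 22 / && $0 ~ ("via " ifc)       { if (div != "" && $1 + 0 > div) bad = 1 }
        END { exit bad ? 1 : 0 }
    '
}

case "${1:-}" in
    load)  load_rules ;;                                   # sh ruleset.sh load
    check) ipfw list | check_order && echo "ok: SSH rules precede divert" ;;
esac
```

On a real router, `sh ruleset.sh load` installs the rules and `sh ruleset.sh check` verifies the ordering against the live ruleset; `IPFW=echo sh ruleset.sh load` prints the commands without touching the firewall. The explicit outbound rule is a design choice rather than a strict requirement: it makes the SSH session avoid natd in both directions, which is the property the original question asks for.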