Mikhail Teterin wrote:
> Does natd(8) really need to see _all_ packets?
Not at all, as you've guessed.

Subtleties abound with stateful rules, and side effects of using the divert mechanism, such as: after returning from natd, packets don't know which interface they came in on. Matching rules therefore becomes tricky. I manage to do without skipto rules, your kilometrage may vary.

Traffic that is destined to the host itself from the outside may be handled via rules that match before reaching the divert rule(s). Likewise, traffic that is between hosts on the local nets may be matched before nat'ing.