Hello Zrelli,
The rule 65000 allow ip from any to any stops processing of a packet,
so it will never reach diverting rule 65100.
See man ipfw about rule-processing.
Tuesday, September 28, 2004, 2:08:36 PM, Zrelli Saber Ben Mohamed wrote:
ZSBM> Hi,
ZSBM> I'm interested in the "divert" mechanism
Thanks !
I got it working.
--
Saber
Zrelli Saber Ben Mohamed wrote:
Hi,
I'm interested in the "divert" mechanism and want to try it out,
so I recompiled the kernel (FreeBSD 5.2.1-RELEASE #0) after adding
the IPDIVERT option and then added the needed lines in the rc.conf file,
after that, I s
Zrelli Saber Ben Mohamed wrote:
Hi,
I'm interested in the "divert" mechanism and want to try it out,
so I recompiled the kernel (FreeBSD 5.2.1-RELEASE #0) after adding the
IPDIVERT option and then added the needed lines in the rc.conf file,
after that, I set up ipfw to divert packets to some
Hi,
I'm interested in the "divert" mechanism and want to try it out,
so I recompiled the kernel (FreeBSD 5.2.1-RELEASE #0) after adding the
IPDIVERT option and then added the needed lines in the rc.conf file,
after that, I set up ipfw to divert packets to some port
Here is my ipfw rule set.
On Wed, Dec 24, 2003 at 08:39:45AM -0500, Leo Bicknell wrote:
...
> Now that I've used IPFW2 for something more complicated than simple
> host filtering I see that the syntax and structure makes something
> like a firewall/nat box for any moderately interesting config way
> too complicated with way
Original broken case:
In a message written on Tue, Dec 23, 2003 at 03:17:12PM -0500, Leo Bicknell wrote:
> > ipfw add 1000 divert natd ip from any to any recv fxp0
> > ipfw add 1001 divert natd ip from any to any xmit fxp0
In a message written on Tue, Dec 23, 2003 at 12:28:09PM -0800, Luigi Riz
On Tue, Dec 23, 2003 at 03:17:12PM -0500, Leo Bicknell wrote:
...
> I must not be clear on what "in" "out" "recv" and "xmit" mean, and
> after reading the manual page 3 times I'm now even more confused.
The names are reasonably intuitive...
"in" matches packets on the INput path (basic
Well, I found the solution to my problem by random chance (futzing with
other things), and it still doesn't make sense.
Works:
> ipfw add 1000 divert natd ip from any to any via fxp0
Doesn't work:
> ipfw add 1000 divert natd ip from any to any recv fxp0
> ipfw add 1001 divert natd ip from any
On Tue, Dec 23, 2003 at 11:54:39AM -0500, Leo Bicknell wrote:
> doesn't? Yes, I want to do something fancier treating inbound and
> outbound traffic differently, but this basic case doesn't seem to
> work, and it seems to me like it should. What am I missing?
Have you configured IPFW2 (if runnin
Can someone explain to me why:
ipfw add 1000 divert natd ip from any to any via fxp0
works, and yet:
ipfw add 1000 divert natd ip from any to any recv fxp0
ipfw add 1001 divert natd ip from any to any xmit fxp0
doesn't? Yes, I want to do something fancier treating inbound and
outbound traffic
Hi,
We have a situation where we would like to drop packets based on the IP
datagram length. I was wondering if this was possible with ipfw, and if not,
how hard would this functionality be to implement into it.
Thanks in advance...
Corey