Ian Smith ([email protected]) [11.08.04 08:44] wrote:
> On Wed, 3 Aug 2011, Zeus V Panchenko wrote:
> [..]
>
> Although ipfw(8) doesn't explicitly say so - unlike natd(8) - I believe
> that you need to specify either 'if bge1' or 'ip b.b.b.1', but not both.
>
> > so, ipsec and ipfw_nat out works, but where are reply packets
> > disappearing to after coming to gif0 interface? why no backward
> > divert occurs?
>
> Try 'ipfw nat show config' to see how ipfw thinks nat is configured, and
> maybe 'ipfw show' to check that all your other rules match ipfw.conf
>

you are right, ipfw thinks about nat this way:

# ipfw nat show config
ipfw nat 100 config if bge1 log reverse

i have tried both combinations and still no result:

1. with `if' i see `incorrect' (lan ip) traffic on gif0
2. with `ip' i see only ipsec peer replies and no back divert
3. but with both options i see the same as in p.2

any further idea?

-- 
Zeus V. Panchenko
JID:[email protected]
GMT+2 (EET)
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
