Matt,
I believe this problem is similar to one that I had. The solution in
my case was to add two additional ipfwadm entries IN FRONT of the
masquerading entries so that the two subnets can talk to each other,
bypassing the masquerading.
i.e.:
ipfwadm -F -p deny
ipfwadm -F -a accept -S AAA.AAA.AAA.0/24 -D BBB.BBB.BBB.0/24
ipfwadm -F -a accept -S BBB.BBB.BBB.0/24 -D AAA.AAA.AAA.0/24
ipfwadm -F -a accept -m -S AAA.AAA.AAA.0/24
ipfwadm -F -a accept -m -S BBB.BBB.BBB.0/24
Assuming AAA.AAA.AAA.0 is subnet 1 and BBB.BBB.BBB.0 is subnet 2 and that
they are both class "C" networks, the ipfwadm rules will fire for straight
packet forwarding from AAA to BBB and BBB to AAA. If however the
destination is not AAA or BBB, then the masquerading rules will fire.
You will need to adjust your subnet mask for anything other than class
"C".
Jim
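Added illustration, not part of Jim's message: a small Python model of first-match evaluation over the forwarding chain above, with constructed RFC 5737 subnets standing in for AAA.AAA.AAA.0/24 and BBB.BBB.BBB.0/24. It also shows what happens when the masquerading entries are placed first, and why the mask must match the real subnet size.

```python
import ipaddress

def build_rules(net_a, net_b):
    """Forwarding chain in the order given in the message: the two
    subnet-to-subnet accept rules first, then the masquerading rules.
    A rule is (source net, destination net or None for any, masquerade flag)."""
    a, b = ipaddress.ip_network(net_a), ipaddress.ip_network(net_b)
    return [(a, b, False), (b, a, False), (a, None, True), (b, None, True)]

def forward_decision(rules, src, dst, policy="deny"):
    """Walk the chain top to bottom and stop at the first matching rule,
    the way ipfwadm does. Returns 'accept', 'masquerade', or the default
    policy ('deny', as set by 'ipfwadm -F -p deny') when nothing matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, masq in rules:
        if src_ip not in src_net:
            continue
        if dst_net is not None and dst_ip not in dst_net:
            continue
        return "masquerade" if masq else "accept"
    return policy

# Constructed sample subnets (documentation ranges) in place of AAA and BBB.
RULES = build_rules("192.0.2.0/24", "198.51.100.0/24")

# Same entries with the masquerading rules in front: first match wins, so
# subnet-to-subnet traffic would be masqueraded instead of forwarded plainly.
RULES_MASQ_FIRST = RULES[2:] + RULES[:2]

if __name__ == "__main__":
    for src, dst in [("192.0.2.10", "198.51.100.20"),   # AAA -> BBB
                     ("198.51.100.20", "192.0.2.10"),   # BBB -> AAA
                     ("192.0.2.10", "203.0.113.5"),     # AAA -> outside
                     ("203.0.113.5", "192.0.2.10")]:    # outside -> AAA
        print(src, "->", dst, ":", forward_decision(RULES, src, dst),
              "| masq first:", forward_decision(RULES_MASQ_FIRST, src, dst))
```

The last case in the test below shows the mask caveat: a host in the upper half of a /23 is silently dropped if the rules still say /24.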