OK people - here's the deal. I have tried the setup as described by Patrick Tracanelli at <http://lists.freebsd.org/pipermail/freebsd-ipfw/2007-April/002956.html> but the shitty thing still doesn't want to just let it be! Since I don't want to

    00500 468 30071 deny log logamount 100 ip from any to any MAC any any layer2 via xl0

I'm trying to integrate a rule that just skips the natd but still allows normal client -> freebsd box communication.

The problem is - I can manipulate layer2 any way I like, e.g. use skipto with MAC as described and everything, but as soon as I add a rule like this

    ipfw add 500 skipto 1400 /after the divert natd/ all from any to any not layer2

I lose worldwide connectivity. And if I don't add this rule my whole 192.168.1.0/24 segment is enabled because of the

    01203 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
    01205 divert 8668 ip from any to me in via fxp0

Can someone please explain this? And just give the word and I'll send a more substantial part of the ruleset and the different strategies /of rulesets :)/ that I've tried.

The bottom line - Patrick's setup doesn't work, at least here. I'm certain that I've written the rules the way they're supposed to be /just change ip ranges, if names etc./

10x in advance and please do bear with me...

--
mEsS wItH tHe bEsT dIE liKe tHe rESt
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
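Added example, not part of the original post and not real ipfw code: a toy first-match walk over the rules quoted above, showing that a rule 500 matching `not layer2` catches every IP-layer pass and jumps over the divert rules 1203 and 1205. Rule 1400 as a plain allow, the sample addresses, and the function names are assumptions.

```python
# Toy model of ipfw rule order for the rules quoted in the post (not real ipfw).
# Assumptions: rule 1400 is an 'allow' placeholder; packets below are constructed.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")

def rules(with_skipto):
    """Return (number, action, arg, predicate) tuples sorted by rule number."""
    r = []
    if with_skipto:
        # ipfw add 500 skipto 1400 all from any to any not layer2
        r.append((500, "skipto", 1400, lambda p: not p["layer2"]))
    # 01203 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
    r.append((1203, "divert", 8668, lambda p: not p["layer2"]  # divert: IP-layer pass only
              and ip_address(p["src"]) in LAN and p["dir"] == "out" and p["via"] == "fxp0"))
    # 01205 divert 8668 ip from any to me in via fxp0
    r.append((1205, "divert", 8668, lambda p: not p["layer2"]
              and p["to_me"] and p["dir"] == "in" and p["via"] == "fxp0"))
    r.append((1400, "allow", None, lambda p: True))  # placeholder rule (assumption)
    return sorted(r, key=lambda x: x[0])

def walk(pkt, ruleset):
    """Return the (number, action) pairs that matched, in evaluation order."""
    trace, i = [], 0
    while i < len(ruleset):
        num, action, arg, match = ruleset[i]
        if match(pkt):
            trace.append((num, action))
            if action == "skipto":
                # skipto N continues at the first rule numbered >= N
                i = next(j for j, r in enumerate(ruleset) if r[0] >= arg)
                continue
            return trace  # divert/allow end this pass in the toy model
        i += 1
    return trace

def reaches_natd(pkt, with_skipto):
    """True if the packet hits a divert rule before a terminal action."""
    return any(action == "divert" for _, action in walk(pkt, rules(with_skipto)))

# Constructed IP-layer packets: a LAN client going out, and a reply coming back.
OUTBOUND = {"layer2": False, "src": "192.168.1.10", "dir": "out", "via": "fxp0", "to_me": False}
REPLY = {"layer2": False, "src": "203.0.113.5", "dir": "in", "via": "fxp0", "to_me": True}

if __name__ == "__main__":
    for name, pkt in (("outbound", OUTBOUND), ("reply", REPLY)):
        for flag in (False, True):
            print(name, "rule 500 present:", flag, "->", walk(pkt, rules(flag)))
```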