This was exactly what we needed. Thanks again for the help....
James A. Capp wrote:
> Matt,
>
> I believe this problem is similar to one that I had. The solution in
> my case was to add two additional ipfwadm entries IN FRONT of the
> masquerading entries so that the two subnets can talk to each other,
> bypassing the masquerading.
>
> i.e.:
>
> ipfwadm -F -p deny
> ipfwadm -F -a accept -S AAA.AAA.AAA.0/24 -D BBB.BBB.BBB.0/24
> ipfwadm -F -a accept -S BBB.BBB.BBB.0/24 -D AAA.AAA.AAA.0/24
> ipfwadm -F -a accept -m -S AAA.AAA.AAA.0/24
> ipfwadm -F -a accept -m -S BBB.BBB.BBB.0/24
>
> Assuming AAA.AAA.AAA.0 is subnet 1 and BBB.BBB.BBB.0 is subnet 2 and that
> they are both class "C" networks, the ipfwadm rules will fire for straight
> packet forwarding from AAA to BBB and BBB to AAA. If however the
> destination is not AAA or BBB, then the masquerading rules will fire.
>
> You will need to adjust your subnet mask for anything other than class
> "C".
>
> Jim
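The ordering point in the quoted message, modelled as an added example that is not part of the original emails: a small first-match evaluator over the five forward rules, showing what happens to subnet-to-subnet traffic when the bypass entries come before or after the masquerading entries. The addresses are constructed stand-ins for AAA.AAA.AAA.0/24 and BBB.BBB.BBB.0/24, and first-match evaluation with a default deny policy is the model assumed here.

```python
import ipaddress

# Constructed sample subnets standing in for AAA.AAA.AAA.0/24 and BBB.BBB.BBB.0/24.
SUBNET_A = "192.168.1.0/24"
SUBNET_B = "192.168.2.0/24"
ANY = "0.0.0.0/0"


def rule(action, src, dst=ANY):
    """One forward-chain entry: (action, source network, destination network)."""
    return (action, ipaddress.ip_network(src), ipaddress.ip_network(dst))


def build_rules(net_a, net_b, bypass_first=True):
    """Mirror the quoted entries; bypass_first=False puts the -m entries first."""
    bypass = [rule("accept", net_a, net_b), rule("accept", net_b, net_a)]
    masq = [rule("masquerade", net_a), rule("masquerade", net_b)]
    return bypass + masq if bypass_first else masq + bypass


def decide(rules, src, dst, policy="deny"):
    """Return the action of the first matching rule, else the default policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return policy  # corresponds to "ipfwadm -F -p deny"


if __name__ == "__main__":
    good = build_rules(SUBNET_A, SUBNET_B)
    bad = build_rules(SUBNET_A, SUBNET_B, bypass_first=False)
    flows = [("192.168.1.10", "192.168.2.20"),   # subnet 1 -> subnet 2
             ("192.168.2.20", "192.168.1.10"),   # subnet 2 -> subnet 1
             ("192.168.1.10", "203.0.113.5"),    # subnet 1 -> outside
             ("10.9.9.9", "192.168.1.10")]       # unknown source
    for src, dst in flows:
        print(f"{src} -> {dst}: bypass first = {decide(good, src, dst)}, "
              f"masquerade first = {decide(bad, src, dst)}")
    # Mask caveat: a /16 network described with a /24 mask no longer matches.
    wrong_mask = build_rules("172.16.0.0/24", "172.17.0.0/24")
    right_mask = build_rules("172.16.0.0/16", "172.17.0.0/16")
    print("172.16.5.9 -> 172.17.200.1:",
          decide(wrong_mask, "172.16.5.9", "172.17.200.1"), "with /24,",
          decide(right_mask, "172.16.5.9", "172.17.200.1"), "with /16")
```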