I've almost got this working, and judging from the news archive, it should
be able to work.
I've got two FreeBSD machines, one 2.2.7-RELEASE and one
2.2.7-19980828-SNAP. The latter machine is a firewall with natd running
on it. Without configuring natd, we can establish encrypted
communications to our hearts' content.
However, as soon as we insert the ipfw divert rule for natd, things go
south fast. Basically, we've tried various configurations, and we can get
one or the other to work, but not both. Even a two-rule rc.firewall
consisting of just the divert rule and a pass-all rule kills SKIP if the
divert comes first.
My first guess, after it became obvious that there was no easy firewall
rule, was to tell natd to use sockets, but that only works for FTP and
IRC.
A second, semi-related question, now that I think about it: Is there any
way, assuming we don't have a packet-filter-capable device between our net
connection and the SKIP machine, to deny all telnets that are not coming in
from a SKIP-secured connection?