Date: Mon, 29 Jul 2002 19:43:31 +0000
From: Philip Reynolds
To: freebsd-ipfw@freebsd.org
Subject: Re: divert a port to another ip
Message-ID: <20020729194331.A14733@rfc-networks.ie>
In-Reply-To: <3D45740A.2000704@devzerog.com>; from m@devzerog.com on Mon, Jul 29, 2002 at 05:57:46PM +0100
X-Operating-System: FreeBSD 4.6-RC

Hi Mike,

Mike Dewhirst 25 lines of wisdom included:
> Hi,
>
> If I want to divert all requests on a certain port to another ip address
> and another port, e.g.
>
> 80.0.0.123:666 --> 192.10.10.5:22
>
> what would be the rule? I thought:
>
> divert 8668 tcp from any 666 to 192.10.10.5 22 via xl0

Divert 8668 is using NAT (Network Address Translation).
Do you actually want to forward all requests to another IP and port
or do you want to do NAT?

If you're looking to blindly forward, look at the ``fwd'' part of
ipfw(8) (man 8 ipfw)

For this, on 4.6-RELEASE anyways, it expects that
options IPFIREWALL_FORWARD
is in your kernel. If it's not you're going to have to do a kernel recompile.

http://tardis.redbrick.dcu.ie/87

> 8668 is the natd port (I think) - I have this rule that works:
> divert 8668 ip from any to any via xl1
>
> But it doesn't seem to work. Any ideas?
>
> Also, what is a good online resource for ipfw?

http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO

--
Philip Reynolds                 | Technical Director
philip.reynolds@rfc-networks.ie | RFC Networks Ltd.
http://www.rfc-networks.ie      | +353 (0)1 8832063