Date:      Sat, 31 Dec 2005 00:07:40 -0500
From:      "Robert Collins" <rcollins@hwi.buffalo.edu>
To:        <freebsd-questions@freebsd.org>
Subject:   forwarding http requests with ipfw
Message-ID:  <003d01c60dc8$2090f930$6601a8c0@dhcp.hwi.buffalo.edu>

I've got a situation where I've got an internal host using a private 
ip/domainname. Let's say for the sake of this discussion the host is 
privatehost.internal.freebsd.org. privatehost isn't running a webserver. But 
I would like machines on the internal.freebsd.org network to query 
privatehost as if it was. When one of these machines queries privatehost I 
would like privatehost to forward those requests to my webserver, 
www.freebsd.org, so that it can handle the request. In order to accomplish 
that I have done the following:

My kernel was compiled with these options:
options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_FORWARD_EXTENDED


"ipfw list" looks like this:
00100 allow ip from any to any via lo0
00110 deny ip from any to 127.0.0.0/8
00120 deny ip from 127.0.0.0/8 to any
10000 fwd 216.136.204.117 tcp from any to me dst-port 80
65000 allow ip from any to any
65535 deny ip from any to any

The problem I am having is that it seems the packets never leave 
privatehost. tcpdump shows packets coming in destined for port 80. "ipfw 
show" shows that packets are matching my rule, but tcpdump never shows any 
packets going out to 216.136.204.117. tcpdump on 216.136.204.117 also shows 
that no packets are being received. I did a tcpdump on lo0 just for kicks, 
and that didn't show anything. It seems as if the packets are just 
disappearing. Someone on #freebsdhelp suggested doing a "sysctl -w 
net.inet.ip.forwarding=1" but that didn't help the situation. Is there 
something minor I'm missing here...or am I totally off in my understanding 
of how "ipfw fwd" works?

Thanks
-rcollins 



