Date: Wed, 16 Apr 2003 17:20:31 -0700
From: Darren Pilgrim <dmp@pantherdragon.org>
To: <freebsd@code-space.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW/NATD: Client behind firewall connecting to server behind firewall AS IF it were really EXTERNAL
Message-ID: <20030416172031.5497fc18.dmp@pantherdragon.org>
In-Reply-To: <000001c30470$f9d63840$3401a8c0@neptune>
References: <20030416144035.1f7711e1.dmp@pantherdragon.org> <000001c30470$f9d63840$3401a8c0@neptune>

"C_Ahlers" <freebsd@code-space.com> wrote:
>Am I missing something?
>
>if do:
>
>{...)
>ipfw add divert natd all from any to any via $oif
>ipfw add fwd b.b.b.100,80 tcp from b.b.b.0/24 to a.a.a.15 80 in via $iif
>(...)
>
>And say, client b.b.b.57 attempts to connect to a.a.a.15:80 - the
>forward rule will send out AS IS to b.b.b.100:80 on the internal
>interface
>
>1) No NAT will occur because NAT is set up only on external interface

Correct.

>2) The packet's dest ipaddr is not changed: it is still a.a.a.15, and
>will not be routed to anything on b.b.b.0/24

The forwarding behaviour is explained in ipfw(8).

>Do I need to NAT on $iif as well?

Probably, unless you don't need the webserver to answer from the address the client expects it to.
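
Added example, not part of the original message: a small Python model of the address matching behind the last answer above. It shows which replies the client's TCP socket would accept under plain fwd, destination rewriting alone, and destination plus source rewriting on the internal interface. The gateway address b.b.b.1, the client port 40000, the mode names and the "server also holds a.a.a.15" case are assumptions; it models address matching only, not ipfw or natd.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

CLIENT, SERVER = "b.b.b.57", "b.b.b.100"   # hosts named in the thread
PUBLIC = "a.a.a.15"                         # external address the client dials
GATEWAY_IN = "b.b.b.1"                      # assumed internal address of the firewall


def server_reply(pkt, server_addrs):
    """The server answers only if the destination is one of its own addresses."""
    if pkt.dst not in server_addrs:
        return None                          # not a local address: no reply
    return Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def client_accepts(syn, reply):
    """The client matches a reply against the 4-tuple of the socket it opened."""
    return reply is not None and reply == Pkt(syn.dst, syn.dport, syn.src, syn.sport)


def scenario(mode):
    syn = Pkt(CLIENT, 40000, PUBLIC, 80)     # constructed sample connection
    if mode == "fwd_only":
        # fwd changes the next hop only; dst is still a.a.a.15 on arrival.
        reply = server_reply(syn, {SERVER})
    elif mode == "fwd_server_owns_public":
        # Assumption: the server also has a.a.a.15 configured locally.
        reply = server_reply(syn, {SERVER, PUBLIC})
    elif mode == "dst_nat_only":
        # Gateway rewrites dst only; the server answers the client directly
        # on the LAN, so nothing translates the reply's source back.
        reply = server_reply(syn._replace(dst=SERVER), {SERVER})
    elif mode == "dst_and_src_nat":
        # Gateway rewrites dst and src, so the reply returns through the
        # gateway, where both translations are reversed.
        seen = syn._replace(src=GATEWAY_IN, dst=SERVER)
        back = server_reply(seen, {SERVER})
        reply = back._replace(src=PUBLIC, dst=CLIENT)
    else:
        raise ValueError(mode)
    return client_accepts(syn, reply)


if __name__ == "__main__":
    for m in ("fwd_only", "fwd_server_owns_public", "dst_nat_only", "dst_and_src_nat"):
        print(f"{m:24} client accepts reply: {scenario(m)}")
```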