Date:      Mon, 22 Sep 2008 15:48:30 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Roman Kurakin <rik@inse.ru>
Cc:        Max Laier <max@love2party.net>, freebsd-net@freebsd.org
Subject:   Re: Firewall redirect doesn't work any more...
Message-ID:  <20080922134830.GA6797@garage.freebsd.pl>
In-Reply-To: <48D79E1C.3060003@inse.ru>
References:  <20080919075633.GA4333@garage.freebsd.pl> <20080919121602.GC4333@garage.freebsd.pl> <200809191538.02698.max@love2party.net> <20080922102209.GB2468@garage.freebsd.pl> <48D79E1C.3060003@inse.ru>

On Mon, Sep 22, 2008 at 05:31:08PM +0400, Roman Kurakin wrote:
> So, could you draw your connections and related firewall rules. And the one you
> are trying to set up. I will also try to update the machine to the most recent 7 to
> see if my setup will stop working. Currently the machine runs an early September
> checkout.


client (10.0.1.1) -----> bridge (10.0.5.123) -----> server (10.0.0.2)

ifnet = "bridge0"
rdr on $ifnet proto tcp from any to any port 12345 -> 10.0.5.123 port 12345
rdr on $ifnet proto udp from any to any port 12345 -> 10.0.5.123 port 12345

net.inet.ip.forwarding=1

To test my redirection I run:

server# nc -u -l 12345
client# nc -u 10.0.0.2 12345

For UDP it works, for TCP it doesn't:

server# nc -l 12345
client# nc 10.0.0.2 12345

It does work even with bridge0 and TCP connections, though, when the bridge
machine is treated as a gateway, e.g.:

server# nc -l 12345
client# route add 1.0.0.0/24 10.0.5.123
client# nc 10.0.0.2 12345

> PS. Also check the MAC address issue that was discussed here (case where the
> bridge0 and the first bridge member share the same MAC).

That's not the case on my test machines.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
