To: cjclark@alum.mit.edu
Cc: doc@freebsd.org
Subject: Re: Possible FAQ Entry: ipfw(8) fwd Rules
In-Reply-To: Message from "Crist J. Clark" of "Sun, 28 Jan 2001 13:43:00 PST." <20010128134300.X10761@rfx-216-196-73-168.users.reflex>
Date: Sun, 28 Jan 2001 15:38:07 -0800
From: Dima Dorfman
Message-Id: <20010128233812.590E53E02@bazooka.unixfreak.org>

> Another question I am sick of answering on the lists. People try to
> [...]
> 9.20.1. Why is my ipfw(8) 'fwd' rule to redirect a service to
> another machine not working?

Attached is a marked up version. I made a few mechanical modifications
to help it fit in the DocBook scheme, but other than that it should be
identical to your text version. You can preview the rendered version
at:

http://www.unixfreak.org/~dima/home/freebsd/data/FAQ/networking.html#IPFW-FWD

Comments?

Dima Dorfman
dima@unixfreak.org

Index: book.sgml =================================================================== RCS file: /st/src/FreeBSD/doc/en_US.ISO_8859-1/books/faq/book.sgml,v retrieving revision 1.140 diff -u -r1.140 book.sgml --- book.sgml 2001/01/18 01:14:24 1.140 +++ book.sgml 2001/01/28 23:25:39 
@@ -8136,6 +8186,41 @@ + + + + + + Why is my &man.ipfw.8; fwd rule to redirect a + service to another machine not working? + + + + Possibly because you want to do network address translation + (NAT) and not just forward packets. A fwd rule + does exactly what it says; it forwards packets. It does not + actually change the data inside the packet. Say we have a rule + like: + + 01000 fwd 10.0.0.1 from any to foo 21 + + When a packet with a destination address of + foo arrives at the machine with this + rule, the packet is forwarded to + 10.0.0.1, but it still has the + destination address of foo! The + destination address of the packet is not + changed to 10.0.0.1. Most machines + would probably drop a packet that they receive with a + destination address that is not their own. Therefore, using a + fwd rule does not often work the way the user + expects. This behavior is a feature and not a bug. + + See the FAQ about + redirecting services, the &man.natd.8; manual, or one of + the several port redirecting utilities in the ports collection for a correct way to do + this. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
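Review bot: the example rule "01000 fwd 10.0.0.1 from any to foo 21" names no protocol between the forwarding address and "from", yet it matches on a port (21). ipfw(8) rules put the protocol before "from", and a port match only applies to TCP or UDP, so a reader who copies this line into a ruleset will not get the rule the answer goes on to describe. Suggest "01000 fwd 10.0.0.1 tcp from any to foo 21". In the same paragraph, "Most machines would probably drop a packet" could say outright that 10.0.0.1 receives a packet still addressed to foo and therefore does not treat it as its own, since that unchanged destination address is the whole point of the entry.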