From owner-freebsd-doc Mon Feb 5 17: 0:26 2001
Message-Id: <200102060053.f160rLl18271@hornet.unixfreak.org>
Date: Mon, 5 Feb 2001 16:53:21 -0800 (PST)
From: dima@unixfreak.org
Reply-To: dima@unixfreak.org
To: FreeBSD-gnats-submit@freebsd.org
Cc: cjclark@alum.mit.edu
X-Send-Pr-Version: 3.2
Subject: docs/24888: [PATCH] New FAQ entry about inappropriate use of ipfw(8) 'fwd' rules
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 24888
>Category: docs
>Synopsis: [PATCH] New FAQ entry about inappropriate use of ipfw(8) 'fwd' rules
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 05 17:00:02 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Dima Dorfman
>Release: FreeBSD 4.2-20010102-STABLE i386
>Organization: Private
>Environment: Not relevant.
>Description:
Users new to the ipfw(8) interface often attempt to use ``fwd'' rules when they should be using NAT; they mistakenly think that ipfw(8) will rewrite the destination of the forwarded packet, when in fact it does not. This FAQ entry attempts to explain why their rules don't work as expected.
>How-To-Repeat:
Read -questions.
>Fix:
Apply the following patch to doc/en_US.ISO_8859-1/books/faq/book.sgml. The actual text was written by Crist J. Clark. Please credit him in the commit log.

Index: book.sgml =================================================================== RCS file: /st/src/FreeBSD/doc/en_US.ISO_8859-1/books/faq/book.sgml,v retrieving revision 1.142 diff -u -r1.142 book.sgml --- book.sgml 2001/02/02 03:16:45 1.142 +++ book.sgml 2001/02/06 00:44:07 
@@ -8179,6 +8238,41 @@ + + + + + + Why is my &man.ipfw.8; fwd rule to redirect a + service to another machine not working? + + + + Possibly because you want to do network address translation + (NAT) and not just forward packets. A fwd rule + does exactly what it says; it forwards packets. It does not + actually change the data inside the packet. Say we have a rule + like: + + 01000 fwd 10.0.0.1 from any to foo 21 + + When a packet with a destination address of + foo arrives at the machine with this + rule, the packet is forwarded to + 10.0.0.1, but it still has the + destination address of foo! The + destination address of the packet is not + changed to 10.0.0.1. Most machines + would probably drop a packet that they receive with a + destination address that is not their own. Therefore, using a + fwd rule does not often work the way the user + expects. This behavior is a feature and not a bug. + + See the FAQ about + redirecting services, the &man.natd.8; manual, or one of + the several port redirecting utilities in the ports collection for a correct way to do + this. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
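
Review bot: The example rule "01000 fwd 10.0.0.1 from any to foo 21" has no protocol between the forward address and "from". ipfw(8) rule bodies take a protocol in that position, and a port number such as 21 only has meaning for tcp or udp, so a reader who copies the rule as printed is left with one that does not match the syntax in the manual page; suggest "01000 fwd 10.0.0.1 tcp from any to foo 21". The closing sentence "This behavior is a feature and not a bug" would also be more useful if it said what fwd is for, since the entry explains only what it does not do. Separately, the hunk header "@@ -8179,6 +8238,41 @@" places the new text 59 lines further down than its old position while no earlier hunk is shown, which suggests the diff was taken from a working copy carrying other local changes to book.sgml; regenerating it against a clean revision 1.142 would let it apply without an offset.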