Date: Mon, 20 Sep 2004 06:43:59 -0000
From: Thomas Wolf <tw@wsf.at>
To: Cristian Ursuleanu <cristi@debug.ro>, freebsd-ipfw@freebsd.org
Subject: Re: ipfw & natd
Message-ID: <20040920084359.eei75hutjsgs88@.mailhost.wsf.at>
Cristian Ursuleanu <cristi@debug.ro> wrote:

> Hi,
>
> I have a problem with ipfw:
>
>
>    (10.0.0.x)     (ed0)(10.0.0.1)(rl0)     (1.2.3.4)
>  --LAN----------------FreeBSD--------------ISP_1
>                          |
>                          |(rl1)
>                          |
>                          |        (5.6.7.8)
>                          |_________________ISP_2
>
>
> the default route is 1.2.3.4
> ( $ route add -net 0.0.0.0 1.2.3.4 )
>
> I want to forward only port 80 from LAN to ISP_2.
>
> I do:
> $ natd -p 8668 -interface rl0
> $ natd -p 8669 -interface rl1
>
> $ ipfw add 500 fwd 5.6.7.8 tcp from 10.0.0.0/24 to any 80
> $ ipfw add 1000 divert 8668 all from any to any rl0
> $ ipfw add 2000 divert 8669 all from any to any rl1
>
> and it seems not to work.
> 'tcpdump' on rl1 shows connections from 10.0.0.2.3122 > WEB_SERVER.80, and
> it must be: 5.6.7.8 > WEB_SERVER.80
>
> the natd is missing.
>
> what is wrong?

The 'fwd' action terminates the search through the ruleset, so your rule 2000
will never match on outgoing packets to :80.
Try putting the 'fwd' statement after 2000 ('divert' re-injects packets at the
next rule), something like this:

add 2010 fwd 5.6.7.8 tcp from any to any 80 out recv ed0.

Thomas
--
Thomas Wolf
Wiener Software Fabrik Dubas u. Wolf GMBH
1050 Wien, Mittersteig 4
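The ordering problem Thomas describes, as an added example that is not part of this thread: a small Python model of ipfw's first-match walk, where 'divert' continues at the next rule and 'fwd' terminates the search, run over the output pass on rl1 for the packet tcpdump showed. The web server address (203.0.113.10) is constructed, and natd is assumed to rewrite the source to the address of its -interface.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Source address natd -p <port> -interface <if> rewrites to (assumed from the diagram)
NAT_ADDR = {"8668": "1.2.3.4", "8669": "5.6.7.8"}

@dataclass
class Rule:
    num: int
    action: str                 # "fwd", "divert" or "allow"
    src: Optional[str] = None   # source prefix, None = any
    dport: Optional[int] = None # TCP destination port, None = any
    via: Optional[str] = None   # interface the packet passes through, None = any
    arg: str = ""               # next hop for fwd, natd port for divert

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    via: str                    # outgoing interface chosen by routing
    next_hop: Optional[str] = None

def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.src is None or ip_address(pkt.src) in ip_network(rule.src))
            and rule.dport in (None, pkt.dport)
            and rule.via in (None, pkt.via))

def run_ruleset(rules, pkt: Packet) -> Packet:
    """Walk the rules in ascending number, first match wins (ipfw semantics)."""
    for r in sorted(rules, key=lambda r: r.num):
        if not matches(r, pkt):
            continue
        if r.action == "divert":      # natd rewrites, packet re-enters at the next rule
            pkt = replace(pkt, src=NAT_ADDR[r.arg])
        elif r.action == "fwd":       # fwd sets the next hop and terminates the search
            return replace(pkt, next_hop=r.arg)
        elif r.action == "allow":
            return pkt
    return pkt                        # fell off the end: default accept

ORIGINAL = [Rule(500, "fwd", src="10.0.0.0/24", dport=80, arg="5.6.7.8"),
            Rule(1000, "divert", via="rl0", arg="8668"),
            Rule(2000, "divert", via="rl1", arg="8669")]
REORDERED = [Rule(1000, "divert", via="rl0", arg="8668"),
             Rule(2000, "divert", via="rl1", arg="8669"),
             Rule(2010, "fwd", dport=80, arg="5.6.7.8")]

def lan_http_out_rl1(rules) -> Packet:
    """The packet tcpdump showed: LAN host 10.0.0.2 to a web server, leaving on rl1."""
    return run_ruleset(rules, Packet("10.0.0.2", "203.0.113.10", 80, "rl1"))

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        out = lan_http_out_rl1(rules)
        print(f"{name}: src={out.src} next_hop={out.next_hop}")
```

With the original order the packet leaves rl1 still sourced from 10.0.0.2 (rule 500 ends the walk before 2000 is reached); with divert 8669 ahead of the fwd it leaves as 5.6.7.8.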