From owner-freebsd-net  Fri Dec 28 13:40:16 2001
Delivered-To: freebsd-net@freebsd.org
Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5C54337B41B; Fri, 28 Dec 2001 13:40:14 -0800 (PST)
Received: from InterJet.elischer.org ([12.232.206.8])
          by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20011228214014.MZND6450.rwcrmhc52.attbi.com@InterJet.elischer.org>;
          Fri, 28 Dec 2001 21:40:14 +0000
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id NAA94627;
	Fri, 28 Dec 2001 13:31:08 -0800 (PST)
Date: Fri, 28 Dec 2001 13:31:07 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: "Crist J . Clark" <cjc@FreeBSD.ORG>
Cc: Henry Su <henrysu@nttmcl.com>, freebsd-net@FreeBSD.ORG
Subject: Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to another
 machine not working?
In-Reply-To: <20011227231922.N2090@blossom.cjclark.org>
Message-ID: <Pine.BSF.4.21.0112281326060.94344-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

You need to 
correct the FAQ..

"The correct way to ensure that this does not happen is to also add
a 'fwd' rule on the destination rule, forwarding the packet 
to localhost. This will override the destination machine's tendancy
to throw the forwarded packet back"


Also, in versions of FreeBSD before 4.6, packets matched while INCOMING
could only be forwarded to the local host. Outgoing packets
could be forwarded to an adjoining host.
This was fixed while 4.5 was cooking and appeared in releases after that.
The port number is only used for forwarding to the local host.

On Thu, 27 Dec 2001, Crist J . Clark wrote:

> On Thu, Dec 27, 2001 at 05:42:16PM -0800, Henry Su wrote:
> > 
> > http://www.unixguide.net/freebsd/faq/09.20.shtml
> > 
> > Is there a way to configure your machine not drop these packets?
> 
> I wrote that FAQ entry for people directing packets to another
> machine. When you are forwarding the packets to 127.0.0.1, the local
> machine, it is not an issue. The packets will be "accepted" by the
> system. (But that doesn't mean the application will behave well.)
> -- 
> "It's always funny until someone gets hurt. Then it's hilarious."
> 
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message