Date:      Wed, 18 Feb 2009 15:35:59 +0000
From:      Paul Thornton <prt@prt.org>
To:        freebsd-net@freebsd.org
Subject:   Re: ipfw problems using divert and fwd at the same time with 6.3-release
Message-ID:  <499C2ADF.3070700@prt.org>
In-Reply-To: <49995AB5.50200@prt.org>
References:  <49995AB5.50200@prt.org>

I have found the error of my ways...

For the purposes of the archives, I'm posting what actually made this 
work. It is a very simple fix and I don't quite know how I missed trying 
this out during my frustrations.

Before the "ipfw fwd..." line you need one or more "ipfw skipto..." 
lines to ensure that you don't accidentally match the more specific 
addresses on the fwd.

What's interesting is that I'd had "ipfw allow..." lines before the 
"ipfw fwd..." line doing a similar thing to skipto, and it didn't work.

So I amended the ruleset to the following (other rules stay the same):

> 06000   515  153945 divert 8668 ip from any to me via em0
> 07000    48    5472 skipto 32000 ip from 10.81.0.0/16 to 217.65.161.4 dst-port 80
> 07100     0       0 skipto 32000 ip from 10.81.129.0/24 to any
> 08000    94   10434 fwd 127.0.0.1,8000 tcp from 10.81.0.0/16 to any dst-port 80
> 32000   499  230890 allow ip from any to any

Paul.
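
The rule ordering Paul describes (skipto placed before fwd so the more specific addresses never reach the fwd rule), as an added example that is not part of the original message: a small Python first-match simulator over the ruleset quoted above. It assumes a constructed set of local addresses for `me`, models divert only as a pass-through to the next rule (the natd rewrite itself is not modelled), and works for any ruleset in the same tuple form, not just this one.

```python
import ipaddress

# Constructed for this example: the addresses the firewall itself owns ("me").
LOCAL_ADDRS = {ipaddress.ip_address("217.65.161.4")}

# The ruleset from the message: (number, action, proto, src, dst, dst-port, via).
RULES = [
    (6000, "divert 8668", "ip", "any", "me", None, "em0"),
    (7000, "skipto 32000", "ip", "10.81.0.0/16", "217.65.161.4", 80, None),
    (7100, "skipto 32000", "ip", "10.81.129.0/24", "any", None, None),
    (8000, "fwd 127.0.0.1,8000", "tcp", "10.81.0.0/16", "any", 80, None),
    (32000, "allow", "ip", "any", "any", None, None),
]

def _addr_match(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return ipaddress.ip_address(addr) in LOCAL_ADDRS
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _rule_match(rule, pkt):
    _, _, proto, src, dst, dport, via = rule
    return (proto in ("ip", pkt["proto"])
            and _addr_match(src, pkt["src"]) and _addr_match(dst, pkt["dst"])
            and (dport is None or dport == pkt.get("dport"))
            and (via is None or via == pkt.get("iface")))

def evaluate(pkt, rules=RULES):
    """First-match walk returning (terminal rule number, action, matched rule numbers).
    skipto jumps to the first rule numbered >= its target; divert re-injects the packet
    at the next rule (the natd address rewrite itself is not modelled)."""
    idx, trace = 0, []
    while idx < len(rules):
        rule = rules[idx]
        if not _rule_match(rule, pkt):
            idx += 1
            continue
        num, action = rule[0], rule[1]
        trace.append(num)
        if action.startswith("skipto "):
            target = int(action.split()[1])
            idx = next((i for i, r in enumerate(rules) if r[0] >= target), len(rules))
        elif action.startswith("divert "):
            idx += 1
        else:
            return num, action, trace
    # No terminal match: ipfw's implicit rule 65535 applies (deny or allow per kernel build).
    return 65535, "default rule", trace
```

Run `evaluate` on a packet from 10.81.129.0/24 to port 80 and the trace shows it leaving via rule 7100 to 32000, while the same packet from elsewhere in 10.81.0.0/16 stops at the fwd rule.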
