Date: Wed, 14 Dec 2005 05:20:39 +1100
From: Peter Jeremy
To: OxY
Cc: freebsd-hackers@freebsd.org
Subject: Re: ipfw forwarding
Message-ID: <20051213182039.GF77268@cirb503493.alcatel.com.au>
In-Reply-To: <001701c6000a$86eab700$0201a8c0@oxy>

On Tue, 2005-Dec-13 18:27:43 +0100, OxY wrote:
>i used this rule:
>
>$cmd 00316 fwd x.x.x.x.204,80 tcp from any to x.x.x.28 80
>
>what's wrong with it?

You don't mention what is happening or not happening (running tcpdump
and following packets as they go from system to system can be useful)
but there are two issues you may not have considered.

1) Have you considered what will happen to packets being returned from
   the server on .28 to the client?
2) ipfw(8) states:
     The fwd action does not change the contents of the packet at all.
     In particular, the destination address remains unmodified, so
     packets forwarded to another system will usually be rejected by
     that system unless there is a matching rule on that system to
     capture them.  For packets forwarded locally, the local address

-- 
Peter Jeremy
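
Added example, not part of the original message: a small Python model of the ipfw(8) behaviour quoted above, where fwd selects a next hop but leaves the destination address alone. The 192.0.2.x and 198.51.100.x addresses, the host names, and the form of the capture rule on the second system (a fwd to its own address) are assumptions made for illustration.

```python
# Simplified model (added example, not ipfw itself): "fwd" overrides the
# next hop only; the packet header is never rewritten.
from dataclasses import dataclass

@dataclass(frozen=True)          # frozen: nothing in the model can alter a packet
class Packet:
    src: str
    dst: str
    dport: int

@dataclass
class Host:
    name: str
    addrs: set                   # addresses configured on this host
    fwd_rules: list              # [(match_dst, match_port, next_hop)], first match wins

    def receive(self, pkt):
        """Return this host's verdict for an arriving packet."""
        hop = next((h for d, p, h in self.fwd_rules
                    if (d, p) == (pkt.dst, pkt.dport)), None)
        if hop in self.addrs:
            return "accepted-by-fwd"       # local capture rule takes the packet
        if hop is not None:
            return f"forward-to:{hop}"     # sent on with dst unchanged
        if pkt.dst in self.addrs:
            return "accepted-local"
        return "rejected"                  # dst is not ours, nothing captures it

def trace(pkt, hosts, first):
    """Follow pkt hop by hop and return [(host name, verdict), ...]."""
    by_addr = {a: h for h in hosts for a in h.addrs}
    path, host = [], first
    while True:
        verdict = host.receive(pkt)
        path.append((host.name, verdict))
        if not verdict.startswith("forward-to:"):
            return path
        host = by_addr[verdict.split(":", 1)[1]]

# Constructed sample values standing in for the masked x.x.x.28 and x.x.x.204.
ORIG, TARGET = "192.0.2.28", "192.0.2.204"
PKT = Packet(src="198.51.100.7", dst=ORIG, dport=80)

def demo():
    """Same gateway rule, second system without and with a capture rule."""
    gw = Host("gateway", {"192.0.2.1"}, [(ORIG, 80, TARGET)])
    plain = Host("target", {TARGET}, [])
    capture = Host("target", {TARGET}, [(ORIG, 80, TARGET)])
    return trace(PKT, [gw, plain], gw), trace(PKT, [gw, capture], gw)

if __name__ == "__main__":
    for path in demo():
        print(path)
```

On a live system the same question is answered by watching each hop with tcpdump, as the reply suggests.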