From: Andrei Faust Tanasescu
To: freebsd-questions@freebsd.org
Date: Thu, 10 Mar 2005 08:12:20 -0500
Subject: ipfw tango

Hello,

I have a legacy application that makes a direct connection to a hardcoded IP address and port. I need this connection to be made transparently through an SSH tunnel instead. For this to work, I need to tell the kernel to forward all packets destined for myserver:myport to localhost:mySshTunnelPort instead. So far so good.

The tunnel works correctly, yet I can't rewrite those packets to go through the tunnel. Here's the rule:

    sudo ipfw add fwd localhost,5555 tcp from any to 12.129.232.116 3724

All goes well, the rule is added, it's even hit, but it fails to work. To make matters even more confusing, I've tried to forward ports only on localhost, i.e. a telnet on localhost 555 gets transparently rewritten to localhost 333. Again, the rule is hit, since the counter is incremented in ipfw show, yet the connection is NEVER completed.

Any ideas?

--
Andrei Faust Tanasescu