From owner-freebsd-ipfw@FreeBSD.ORG  Wed Nov 28 06:12:25 2007
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EC16A16A41A
	for <freebsd-ipfw@freebsd.org>; Wed, 28 Nov 2007 06:12:25 +0000 (UTC)
	(envelope-from sepherosa@gmail.com)
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.236])
	by mx1.freebsd.org (Postfix) with ESMTP id A82B713C47E
	for <freebsd-ipfw@freebsd.org>; Wed, 28 Nov 2007 06:12:25 +0000 (UTC)
	(envelope-from sepherosa@gmail.com)
Received: by nz-out-0506.google.com with SMTP id l8so909605nzf
	for <freebsd-ipfw@freebsd.org>; Tue, 27 Nov 2007 22:12:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	bh=9ezvb1GGutBBI7icft5VpOdKKe2twK7ucVNpqGV1dw4=;
	b=ezeqyn/r8d6LYznonD7Y4WnKKub3PyZseZkvCoSGlX22iX0YtEs7pb/EAe1KJr5+mSkk27H5WYNFDtp3KNc8DhKY7vW38XS8Gu+OyXBFTPST+wG24R6PYFlJ07lw/8AE+NKjy5ju7wXDkDnC7TgaIPBEjVHEsHl8BQJg3MRr1gY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=Qaw631d1inoblmt1ZQK99JQmQOwRxn/hWavfm0VOKWTvskDRWIhJGoFaP30K+04OrhZqDL24uoRwkZZql3a7gHyWx+qH29SBp7culZc5ei9l2sVYDndhKIWYyhNwhyZ2TH09fysiWNgosTRCXwUxlY7C0hoTuHv6eNuUsHChbqA=
Received: by 10.64.209.6 with SMTP id h6mr27667qbg.1196230344749;
	Tue, 27 Nov 2007 22:12:24 -0800 (PST)
Received: by 10.64.149.18 with HTTP; Tue, 27 Nov 2007 22:12:24 -0800 (PST)
Message-ID: <ea7b9c170711272212x3c0faf9eg6b314669431a821b@mail.gmail.com>
Date: Wed, 28 Nov 2007 14:12:24 +0800
From: "Sepherosa Ziehau" <sepherosa@gmail.com>
To: "Sam Wun" <swun2010@gmail.com>
In-Reply-To: <736c47cb0711272018k1e40b1b7v7edfa1d2b5d50891@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <736c47cb0711271803o46dd89d8te49d5969fd358d15@mail.gmail.com>
	<ea7b9c170711271940m70bb41c2se39a15d3519b98f8@mail.gmail.com>
	<736c47cb0711272018k1e40b1b7v7edfa1d2b5d50891@mail.gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw forwarding doesn't work - for more than 2 months. ---
	please help
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2007 06:12:26 -0000

On Nov 28, 2007 12:18 PM, Sam Wun <swun2010@gmail.com> wrote:
> I have read the manpages and freebsd handbook more than 20 tiems.

Oh?  Then I think you must have read this in ipfw manpage:
...
The fwd action does not change the contents of the packet at all.  In
particular, the destination address remains unmodified, so packets
forwarded to another system will usually be rejected by that system
unless there is a matching rule on that system to capture them.
...

Best Regards,
sephe

>
>
>
> On Nov 28, 2007 2:40 PM, Sepherosa Ziehau <sepherosa@gmail.com> wrote:
> > On Nov 28, 2007 10:03 AM, Sam Wun <swun2010@gmail.com> wrote:
> > > Hi,
> > >
> > > I setup the following ipfw rules in freebsd 6.2:
> > > belmore# ipfw list
> > > 00001 allow udp from any to any dst-port 500
> > > 00001 allow esp from any to any
> > > 00001 allow esp from any to any
> > > 00001 allow ipencap from any to any
> > > 00001 allow ipencap from any to any
> > > 00020 fwd 192.168.1.222 ip from any to 220.233.24.213 dst-port 80 in
> >
> > I don't think this does the rdr you intended.  Please take a look at
> > ipfw manpage.
> >
> > Best Regards,
> > sephe
> >
> > > I don't know what is wrong that the freebsd server (6.2) can't
> > > redirect/forward http request to an internal server (web server -
> > > 192.168.1.222).
> > >
> > > Can anyone please give suggestion to modify this rules?
> > > Or can you please post your workable ipfw rules that achieved the same goal?
> > >
> > > Thanks
> > > S
> > > _______________________________________________
> > > freebsd-ipfw@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
> > >
> >
> >
> >
> > --
> > Live Free or Die
> > _______________________________________________
> > freebsd-ipfw@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
> >
>



-- 
Live Free or Die