From: Norberto Meijome
Date: Fri, 14 May 2004 11:43:58 +1000
To: freebsd-net@freebsd.org
Subject: divert with ipnat instead of ipfw?
Message-ID: <40A4245E.5030409@meijome.net>

Hi all,

My setup:
--
FreeBSD hostname 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #2: Wed Apr 28 09:40:43 EST 2004

fxp0 : link to the outside world
fxp1 : link to LAN
fxp2 : link to DMZ

ipf firewall
ipnat for LAN and rdr for services.
--

I'm running tcpmssd to fix MSS:

    /usr/local/bin/tcpmssd -p 1000 -i fxp2

and I have the ipfw line that redirects all the traffic from fxp2 into tcpmssd:

    ipfw add divert 1000 tcp from x.x.x.x/y to any out via fxp0 setup

(where x.x.x.x/y is the subnet behind fxp2).

This works fine, but I was wondering how to do this with ipnat's rdr configuration line (rather keep ipfw for bwlimiting). I haven't managed to figure out how to redirect ALL traffic from fxp2 to that port. I can do it on a port-by-port basis, but I need all traffic to go through it. I tried:

    rdr fxp2 0.0.0.0/0 port 0-65535 -> 127.0.0.1 port 1000

but tcpmssd with -v showed no made. ipfw not used for anything else right now.

Any hints?

Thanks!!
Beto