From: "OxY"
Delivered-To: freebsd-hackers@freebsd.org
Date: Tue, 13 Dec 2005 19:51:53 +0100
Subject: Re: ipfw forwarding
List-Id: Technical Discussions relating to FreeBSD

Both addresses are on the same box, just 2 public IPs..
.28 is the jail, .204 is one of the host's aliases

----- Original Message -----
From: "Peter Jeremy"
To: "OxY"
Sent: Tuesday, December 13, 2005 7:20 PM
Subject: Re: ipfw forwarding

> On Tue, 2005-Dec-13 18:27:43 +0100, OxY wrote:
>>I used this rule:
>>
>>$cmd 00316 fwd x.x.x.x.204,80 tcp from any to x.x.x.28 80
>>
>>what's wrong with it?
>
> You don't mention what is happening or not happening (running tcpdump
> and following packets as they go from system to system can be useful)
> but there are two issues you may not have considered.
> 1) Have you considered what will happen to packets being returned from
>    the server on .28 to the client?
> 2) ipfw(8) states:
>      The fwd action does not change the contents of the packet at all.
>      In particular, the destination address remains unmodified, so
>      packets forwarded to another system will usually be rejected by
>      that system unless there is a matching rule on that system to
>      capture them. For packets forwarded locally, the local address
>
> --
> Peter Jeremy