Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Sep 2004 19:28:45 +0300 (EEST)
From:      Cristian Ursuleanu <cristi@debug.ro>
To:        Thomas Wolf <tw@wsf.at>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw & natd
Message-ID:  <20040920192709.K29498@debug.ro>
In-Reply-To: <20040920084359.eei75hutjsgs88@.mailhost.wsf.at>
References:  <20040920084359.eei75hutjsgs88@.mailhost.wsf.at>
next in thread | previous in thread | raw e-mail | index | archive | help 


from ipfw manual:

"divert port
		     Divert packets that match this rule to the divert(4)
		     socket bound to port port.	 The search terminates.
						     -----------------
"


On Mon, 20 Sep 2004, Thomas Wolf wrote:

>
> Cristian Ursuleanu <cristi@debug.ro> schrieb:
>
> >
> >
> > Hi,
> >
> > I have a problem with ipfw:
> >
> >
> > (10.0.0.x)     (ed0)(10.0.0.1)(rl0)     (1.2.3.4)
> > --LAN----------------FreeBSD--------------ISP_1
> >                         |
> >                         |(rl1)
> >                         |
> >                         |               (5.6.7.8)
> >                         |_________________ISP_2
> >
> >
> >
> > thw default route is 1.2.3.4
> > ( $ route add -net 0.0.0.0 1.2.3.4 )
> >
> > I want to forward only port 80 from LAN to ISP_2 .
> >
> > I do:
> > $ natd -p 8668 -interface rl0
> > $ natd -p 8669 -interface rl1
> >
> > $ ipfw add 500 fwd 5.6.7.8 tcp from 10.0.0.0/24 to any 80
> > $ ipfw add 1000 divert 8668 all from any to any rl0
> > $ ipfw add 2000 divert 8669 all from any to any rl1
> >
> > and it's seems not to work .
> > 'tcpdump' on rl1 show connections from 10.0.0.2.3122 > WEB_SERVER.80 , and
> > it must be: 5.6.7.8 > WEB_SERVER.80
> >
> > is missing the natd .
> >
> > what is wrong?
>
> The 'fwd' action terminates the search through the ruleset, so
> your rule 2000 will never match on outgoing packets to :80.
> Try putting the 'fwd' statement after 2000 ('divert' re-injects
> packets at the next rule), something like this:
> add 2010 fwd 5.6.7.8 tcp from any to any 80 out recv ed0.
>
> Thomas
>
> --
> Thomas Wolf
> Wiener Software Fabrik
> Dubas u. Wolf GMBH
> 1050 Wien, Mittersteig 4
>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040920192709.K29498>