Date: Sat, 25 Nov 2000 14:47:23 -0800
From: "Crist J . Clark"
To: "John W. De Boskey"
Cc: Questions List
Subject: Re: ipfw fwd vs. natd redirect
Message-ID: <20001125144723.A12190@149.211.6.64.reflexcom.com>
References: <20001125070210.A38070@FreeBSD.org>

On Sat, Nov 25, 2000 at 07:02:10AM -0800, John W. De Boskey wrote:
> Hi,
>
> I'm looking at two variations to forward mail and web
> services from the firewall to the appropriate server
> hosts.
>
> Using natd and redirect, I have this working. However, I
> also want to see what the comparable setup using ipfw is.
> Unfortunately, I am unable to get this working. I have
> the following rule in place:
>
> ${fwcmd} add fwd ${mailip},25 log tcp from any to ${oip} 25

This rule does not make a lot of sense. Including a port number on a
fwd to an external machine is meaningless.

> which produces the following log msg:
>
> ipfw: 1400 Forward to ${mailip}:25 TCP remothost:1587 firewallip:25 in via fxp0

Hmmm... It should not be doing this from how I understand fwd,
ipfw(8):

    fwd ipaddr[,port]
    ...
    ... If the IP is not a local address then the port number (if
    specified) is ignored and the rule only applies to packets
    leaving the system.

> a split second later, I get:
>
> ipfw: 1500 Divert 8668 TCP firewallip:25 remotehost:1587 out via fxp0
>
>
> Could someone (if anyone) who is using 'ipfw fwd' please send me
> an example where this is working?

I don't think you want to be using fwd. Remember, fwd DOES NOT ALTER
THE CONTENTS OF THE PACKET. fwd DOES NOT DO NAT. fwd only changes
where the packet is sent to next.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
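
The distinction drawn in the reply above, as an added example that is not part of the original message: a simplified Python model of what reaches the mail host under `fwd` (next hop changes, headers untouched) versus a natd-style redirect (destination rewritten, reply translated back). The addresses, the `Redirector` class and the helper names are constructed for illustration and do not reproduce ipfw or natd internals.

```python
from dataclasses import dataclass, replace

# Constructed addresses from documentation ranges; not from the original thread.
CLIENT, FIREWALL, MAILHOST = "198.51.100.7", "203.0.113.1", "192.0.2.25"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def ipfw_fwd(pkt, next_hop):
    """fwd: pick a different next hop; the packet headers are left untouched."""
    return pkt, next_hop

class Redirector:
    """Simplified natd-style port redirect that remembers redirected flows."""
    def __init__(self, public_ip, port, target_ip):
        self.public_ip, self.port, self.target_ip = public_ip, port, target_ip
        self.state = set()  # (client ip, client port) of redirected flows

    def inbound(self, pkt):
        if pkt.dst == self.public_ip and pkt.dport == self.port:
            self.state.add((pkt.src, pkt.sport))
            pkt = replace(pkt, dst=self.target_ip)  # destination rewritten
        return pkt, pkt.dst

    def outbound(self, pkt):
        known = (pkt.dst, pkt.dport) in self.state
        if pkt.src == self.target_ip and pkt.sport == self.port and known:
            pkt = replace(pkt, src=self.public_ip)  # reply appears to come from the firewall
        return pkt

def host_accepts(local_ips, pkt):
    """A host hands a packet to a local socket only if dst is one of its own addresses."""
    return pkt.dst in local_ips

def demo():
    syn = Packet(CLIENT, 1587, FIREWALL, 25)
    fwd_pkt, _ = ipfw_fwd(syn, MAILHOST)
    nat = Redirector(FIREWALL, 25, MAILHOST)
    nat_pkt, _ = nat.inbound(syn)
    reply = nat.outbound(Packet(MAILHOST, 25, CLIENT, 1587))
    return {"fwd_dst": fwd_pkt.dst, "fwd_delivered": host_accepts({MAILHOST}, fwd_pkt),
            "nat_dst": nat_pkt.dst, "nat_delivered": host_accepts({MAILHOST}, nat_pkt),
            "reply_src": reply.src}

if __name__ == "__main__":
    print(demo())
```

In this model the forwarded packet still carries the firewall's address as its destination, so the mail host would accept it only if it were also configured to answer for that address.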