From owner-freebsd-net  Sat Jan 27  1: 2:44 2001
Delivered-To: freebsd-net@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1])
	by hub.freebsd.org (Postfix) with ESMTP id B850337B6B3
	for <freebsd-net@freebsd.org>; Sat, 27 Jan 2001 01:02:26 -0800 (PST)
Received: from localhost (nick@localhost)
	by rapidnet.com (8.9.3/8.9.3) with ESMTP id CAA10085
	for <freebsd-net@freebsd.org>; Sat, 27 Jan 2001 02:02:25 -0700 (MST)
Date: Sat, 27 Jan 2001 02:02:25 -0700 (MST)
From: Nick Rogness <nick@rapidnet.com>
To: freebsd-net@freebsd.org
Subject: ipfw fwd
Message-ID: <Pine.BSF.4.21.0101270147530.6443-100000@rapidnet.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Couple of comments on ipfw fwd.

After playing around with the forward feature of ipfw, I ran into a couple
of interesting things.  First let me give you my test lab environment
diagram:

				Internet
				|
				xl0
				|
	192.168.10.1 ----ed1---FreeBSD
				|
				fxp0
				|
				192.168.20.0/24

After adding the command:

	ipfw add 100 fwd 192.168.10.1 tcp from any to any 80 in via fxp0

I see no packet arrive at host 192.168.10.1.  Do forwarded packets
re-enter the firewall for a given outgoing interface?  In this case
ed1 ?  Or are they somehow skipped and just routed out the interface after
a match is made?

After changing the above ipfw command to 'out via xl0' I start seeing
incoming packets on the 192.168.10.1 host.  Do IPFW Forward rules only
apply to outgoing style rules?


Nick Rogness
- Keep on routing in a Free World...  
  "FreeBSD: The Power to Serve "



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message