From: Pawel Jakub Dawidek
Date: Fri, 19 Sep 2008 09:56:33 +0200
To: freebsd-net@FreeBSD.org
Message-ID: <20080919075633.GA4333@garage.freebsd.pl>
Subject: Firewall redirect doesn't work any more...

...or am I missing something?

I've a box running:

    FreeBSD whiplash.wheel.pl 7.0-STABLE FreeBSD 7.0-STABLE #0: Wed Jul 23 11:41:31 CEST 2008 root@puppet.wheel.pl:/usr/obj/usr/src/sys/WHIPLASH i386

I'm also running PF in there with the following rule:

    rdr on fxp0 proto tcp from 10.0.1.9 to 10.0.0.2 port 88 -> 10.0.5.123 port 88

When I connect from 10.0.1.9 to 10.0.0.2:88 I can see the redirected packet
leaving the box:

    IP 10.0.1.9.43210 > 10.0.0.2.88: S [...]
    IP 10.0.1.9.43210 > 10.0.5.123.88: S [...]

Ok. Now I've a box running:

    FreeBSD bridge.wheel.pl 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Thu Sep 11 13:59:06 CEST 2008 root@bridge.wheel.pl:/usr/obj/usr/src/sys/BRIDGE i386

And the following PF rule:

    rdr on fxp0 proto tcp from 10.0.0.2 to 10.0.5.123 port 88 -> 10.0.1.9 port 88

When I connect from 10.0.0.2 to 10.0.5.123:88 I no longer see the redirected
packet leaving the box:

    IP 10.0.0.2.60806 > 10.0.5.123.88: S [...]

I tried to redirect the packet on the second box with IPFW, but also failed
(yes, IPFIREWALL_FORWARD was compiled in).

Did something get broken or am I missing some configuration hint?

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!