Date: Mon, 12 Jul 2004 09:27:13 +0200
From: Ian FREISLICH <if@hetzner.co.za>
To: "Steve Bertrand" <iaccounts@ibctech.ca>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW fwd to remote address
Message-ID: <E1BjvDV-00003L-00@hetzner.co.za>
In-Reply-To: Message from "Steve Bertrand" <iaccounts@ibctech.ca> <3743.209.167.16.15.1089391473.squirrel@209.167.16.15>

"Steve Bertrand" wrote:
> I am trying to set up a forward from one machine to another on a remote
> network across the Internet.
>
> I want to receive requests on one box on port 8080 and simply forward them
> to a remote machine on the same port. I have tried the following rules, to
> no avail. I have IPFIREWALL_FORWARD in my kernel (4.10), and # ipfw show
> reports the hits to the rule.
>
> # ipfw add 1000 fwd 216.209.x.x tcp from any to me 8080
> # ipfw add 1000 fwd 216.209.x.x,8080 tcp from any to me 8080
> # ipfw add 1000 fwd 216.209.x.x tcp from any to me 8080
> # ipfw add 1000 fwd 216.209.x.x,8080 from any to any 8080
>
> I can not see the packets going back out of the machine, nor does ipfw log
> anything at the other end. # tcpdump at the remote end does not pick up
> any traffic.
>
> Does this have something to do with the fact that I am going across the
> Internet, and it is trying to route the packets back to itself (I
> understand the dest does not get changed). If so, how could I re-write the
> packets so they will get delivered?

I would imagine so. From the manual page:

     fwd | forward ipaddr[,port]
             Change the next-hop on matching packets to ipaddr, which can be
             an IP address in dotted quad format or a host name. The search
             terminates if this rule matches.

The next hop must be on your local network, otherwise it isn't really the
next hop. The next hop will route the packets forwarded to it by this
rule.

It sounds like you want to rewrite the destination address in the
packets. Have a look at natd(8). It may turn out to be more complicated
than you think because the source address from the other side will be
wrong for returning packets, so you'll have to rewrite those as well.

What are you trying to achieve?

Ian

--
Ian Freislich
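
The reply above separates choosing a next hop from rewriting addresses. The model below is an added example, not part of the original message and not ipfw or natd code; it traces one request through three hypothetical gateway modes. The addresses, port 40000, the mode names and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Constructed documentation addresses (RFC 5737), not the hosts in the thread.
CLIENT, GATEWAY, REMOTE = "192.0.2.10", "198.51.100.1", "203.0.113.5"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def reply_to(pkt):
    """A server answers by swapping the endpoints of the packet it received."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def simulate(mode):
    """Trace one request to GATEWAY:8080 under a hypothetical gateway mode."""
    syn = Packet(CLIENT, 40000, GATEWAY, 8080)
    if mode == "fwd":
        # fwd picks a next hop only; the header is unchanged, so routers past
        # the first hop still deliver by dst, which is the gateway itself.
        out = syn
    else:
        out = replace(syn, dst=REMOTE)        # destination rewrite
        if mode == "dst+src":
            out = replace(out, src=GATEWAY)   # source rewrite as well
    if out.dst != REMOTE:
        return "request never addressed to remote (dst=%s)" % out.dst
    reply = reply_to(out)
    if reply.dst == GATEWAY:
        # The reply passes the gateway, which undoes both rewrites.
        reply = replace(reply, src=GATEWAY, dst=CLIENT)
    # The client accepts only a reply that mirrors the connection it opened.
    if reply != reply_to(syn):
        return "client rejects reply (src=%s, expected %s)" % (reply.src, GATEWAY)
    return "connection established"

if __name__ == "__main__":
    for mode in ("fwd", "dst-only", "dst+src"):
        print("%-8s -> %s" % (mode, simulate(mode)))
```

Only the mode that rewrites both addresses on the way out and reverses them on the way back completes the exchange, which is the extra work the reply warns about.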