From owner-freebsd-ipfw@FreeBSD.ORG  Tue Oct 21 11:29:50 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 978AE1065680
	for <freebsd-ipfw@freebsd.org>; Tue, 21 Oct 2008 11:29:50 +0000 (UTC)
	(envelope-from sem@FreeBSD.org)
Received: from mail.ciam.ru (mail.ciam.ru [213.247.195.75])
	by mx1.freebsd.org (Postfix) with ESMTP id 561728FC13
	for <freebsd-ipfw@freebsd.org>; Tue, 21 Oct 2008 11:29:50 +0000 (UTC)
	(envelope-from sem@FreeBSD.org)
Received: from dhcp250-210.yandex.ru ([87.250.250.210])
	by mail.ciam.ru with esmtpa (Exim 4.x)
	id 1KsFAc-00023k-UJ; Tue, 21 Oct 2008 15:13:02 +0400
Message-ID: <48FDB93E.9030604@FreeBSD.org>
Date: Tue, 21 Oct 2008 15:13:02 +0400
From: Sergey Matveychuk <sem@FreeBSD.org>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: John Hay <jhay@meraka.org.za>
References: <48FCF5DA.5060802@googlemail.com>	<20081021040349.GA29232@zibbi.meraka.csir.co.za>	<48FD5ED0.2030909@localhost.inse.ru>
	<20081021061005.GA34936@zibbi.meraka.csir.co.za>
In-Reply-To: <20081021061005.GA34936@zibbi.meraka.csir.co.za>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "Leander S." <leander.schaefer@googlemail.com>, freebsd-ipfw@freebsd.org,
	Roman Kurakin <rik@inse.ru>
Subject: Re: IPFW + Portforwarding
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2008 11:29:50 -0000

John Hay wrote:
> On Tue, Oct 21, 2008 at 08:47:12AM +0400, Roman Kurakin wrote:
>> John Hay wrote:
>>> On Mon, Oct 20, 2008 at 11:19:22PM +0200, Leander S. wrote:
>>> You have to catch it where it is going out and not in. Fwd only works
>>> when packets are out bound.
>>>  
>> But how this works for me?
>>
>> ipfw  fwd 192.168.0.4,3128 log logamount 1000 tcp from 172.22.4.0/24 to 
>> 172.22.4.254 dst-port 3128 setup in via vr0 keep-state
> 
> I don't know. I did not think it will work. The way I understand it,
> is that fwd is a little like routing, it does not change the ip
> packet, so in effect it only change the mac address of the next hop
> and the interface, if needed.

No. Really it does not meter where a packet was caught. It's marked for 
forwarding if it's matched with a fwd rule.

-- 
Dixi.
Sem.