Date: Tue, 21 Oct 2008 15:13:02 +0400 From: Sergey Matveychuk <sem@FreeBSD.org> To: John Hay <jhay@meraka.org.za> Cc: "Leander S." <leander.schaefer@googlemail.com>, freebsd-ipfw@freebsd.org, Roman Kurakin <rik@inse.ru> Subject: Re: IPFW + Portforwarding Message-ID: <48FDB93E.9030604@FreeBSD.org> In-Reply-To: <20081021061005.GA34936@zibbi.meraka.csir.co.za> References: <48FCF5DA.5060802@googlemail.com> <20081021040349.GA29232@zibbi.meraka.csir.co.za> <48FD5ED0.2030909@localhost.inse.ru> <20081021061005.GA34936@zibbi.meraka.csir.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
John Hay wrote: > On Tue, Oct 21, 2008 at 08:47:12AM +0400, Roman Kurakin wrote: >> John Hay wrote: >>> On Mon, Oct 20, 2008 at 11:19:22PM +0200, Leander S. wrote: >>> You have to catch it where it is going out and not in. Fwd only works >>> when packets are out bound. >>> >> But how this works for me? >> >> ipfw fwd 192.168.0.4,3128 log logamount 1000 tcp from 172.22.4.0/24 to >> 172.22.4.254 dst-port 3128 setup in via vr0 keep-state > > I don't know. I did not think it will work. The way I understand it, > is that fwd is a little like routing, it does not change the ip > packet, so in effect it only change the mac address of the next hop > and the interface, if needed. No. Really it does not meter where a packet was caught. It's marked for forwarding if it's matched with a fwd rule. -- Dixi. Sem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48FDB93E.9030604>