From owner-freebsd-ipfw Wed Nov 22 7:12:11 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1])
	by hub.freebsd.org (Postfix) with ESMTP id CFBEC37B4C5
	for ; Wed, 22 Nov 2000 07:12:08 -0800 (PST)
Received: from localhost (nick@localhost)
	by rapidnet.com (8.9.3/8.9.3) with ESMTP id IAA71694;
	Wed, 22 Nov 2000 08:12:04 -0700 (MST)
Date: Wed, 22 Nov 2000 08:12:04 -0700 (MST)
From: Nick Rogness
To: Yusuf Goolamabbas
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Port redirection using ipfw
In-Reply-To: <20001122195942.A26979@outblaze.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 22 Nov 2000, Yusuf Goolamabbas wrote:

> Hi, I am trying to solve the following problem. I have a machine with
> a single Ethernet interface. I would like incoming packets sent to a
> certain port on this machine to be redirected/forwarded to another
> machine (different IP/subnet) and a different port
>
> I compiled a 4.2-stable kernel with the following options
>
> options IPFIREWALL #firewall
> options IPFIREWALL_FORWARD #enable transparent proxy support
> options IPDIVERT #divert sockets
> options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
>
> For e.g. if the machine is at 10.0.0.2 and I want to forward incoming
> packets at port 81 to 192.168.1.2 port 80. I wrote the following ipfw
> rule
>
>
> ipfw add fwd 192.168.1.2,80 log tcp from any to 10.0.0.2 81

	Use divert (natd) and redirect_port instead of a port
	forward. There are several issues involved with port
	forwarding that make it very tricky; it's just easier to use
	natd.

>
> However, this doesn't seem to work. Any ideas where I am going wrong
> or this is not possible with ipfw and I need some other toolchain for
> this

	Yes it is possible.

Nick Rogness
- Drive defensively. Buy a tank.
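
The natd setup recommended in the reply, as an added example that is not part of the original message or of anything the poster wrote. It reuses the addresses and ports from the question; the interface name fxp0 and the file path /etc/natd.conf are assumptions.

```conf
# /etc/natd.conf  (constructed example; fxp0 is an assumed interface name)

# Alias on the address of the single Ethernet interface (10.0.0.2 in the question).
interface fxp0

# TCP arriving for the alias address on port 81 is rewritten to
# 192.168.1.2 port 80; natd keeps state and rewrites the replies back.
redirect_port tcp 192.168.1.2:80 81

# Started and wired in with:
#   natd -f /etc/natd.conf
#   ipfw add divert natd all from any to any via fxp0
#
# Requirements on the natd host:
#   - kernel built with "options IPDIVERT" (already in the poster's config)
#   - IP forwarding on (sysctl net.inet.ip.forwarding=1), because the
#     rewritten packet is no longer addressed to this host and has to be
#     routed on to 192.168.1.2
#
# Return path: redirect_port changes only the destination, so the server
# still sees the client's real source address. Its replies must be routed
# back through 10.0.0.2 so natd can restore the 10.0.0.2:81 source;
# otherwise the client receives answers from 192.168.1.2:80 and drops them.
#
# Rule from the question, for contrast:
#   ipfw add fwd 192.168.1.2,80 log tcp from any to 10.0.0.2 81
# fwd only selects the next hop. The packet is delivered unmodified, still
# addressed to 10.0.0.2 port 81, so the remote machine has no reason to
# accept it. The divert rule above is also broad: with
# IPFIREWALL_DEFAULT_TO_ACCEPT nothing else filters what reaches natd, so
# narrow the rule or add deny rules if only port 81 should be exposed.
```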