Date: Fri, 02 Aug 2019 04:54:14 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 239590] ipfw rule doesn't forward TCP connections made through the host's LAN address
Message-ID: <bug-239590-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239590

            Bug ID: 239590
           Summary: ipfw rule doesn't forward TCP connections made through
                    the host's LAN address
           Product: Base System
           Version: 11.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: yuri@freebsd.org

I need to forward incoming TCP connections made to my host 192.168.5.3 on the port 3100 to the IP address 10.0.0.101 port 3000 connected through another interface.

These rules work when connection is made from a remote host:
> ipfw -q nat 19001 config redirect_port tcp 10.0.0.101:3000 192.168.5.3:3100
> ipfw -q add 19001 nat 19001 tcp from any to 192.168.5.3 3100 in recv sk0
> ipfw -q add 19001 nat 19001 tcp from 10.0.0.101 3000 to any out xmit sk0

The problem: A similar firewall rule for connections from the host's LAN IP address (that pass through lo0) doesn't work:
> ipfw -q add 19001 nat 19001 tcp from 192.168.5.3 to 192.168.5.3 3100 in recv lo0

Wireshark shows that the incoming connection is from 192.168.5.3 to 192.168.5.3 on 3100 but it gets immediately rejected instead of being forwarded.

This rule looks very similar to the second rule above, just the interface is different. Why doesn't it work?

-- 
You are receiving this mail because:
You are the assignee for the bug.