Date: Fri, 03 Sep 2004 13:20:57 -0600
From: Jose Hidalgo Herrera <jose@hostarica.com>
To: George S <c0sine@yahoo.com>
Cc: jose@hostarica.com
Subject: Re: fwd'ing packet originally destined to local interface problem
Message-ID: <1094239257.95873.1.camel@jose.hostarica.net>
In-Reply-To: <20040903190040.58544.qmail@web40412.mail.yahoo.com>
References: <20040903190040.58544.qmail@web40412.mail.yahoo.com>

I think you need:
ipfw add 1 check-state
ipfw add 2 skipto 10 ........

On Fri, 2004-09-03 at 13:00, George S wrote:
> I am having some trouble with a specialized IDS testing framework I am
> working on.
>
> Here is my setup:
> -FreeBSD 5.2.1-release running with firewall options configured, bridging
> off, default to accept
> -fxp0: inet 10.0.0.50 netmask 255.255.255.0
> -fxp1: inet 192.168.1.3 netmask 255.255.255.0
> -default gateway 10.0.0.1 / no static-routes set
> -ipfw ruleset as follows:
> ipfw add 1 skipto 10 tcp from 10.0.0.50 to any setup recv fxp1 keep-state
> ipfw add 5 allow ip from any to any
> ipfw add 10 fwd 10.0.0.1 tcp from 10.0.0.50 to any
> ipfw add 11 fwd 192.168.1.2 tcp from any to 10.0.0.50
> ipfw add 65536 allow ip from any to any
>
> When a custom packet (with src ip 10.0.0.50 and SYN bit) arrives at the fxp1
> interface, it is forwarded out of the fxp0 interface, as expected. When the
> response (with dst ip 10.0.0.50 and SYN+ACK) arrives on fxp0 however, rule
> #11 registers the packet by updating its counter, but the packet does not
> get written out on the fxp1 wire, as I would expect (or hope) it to!
>
> Is this a problem with the code or my ruleset or did I erroneously predict
> the resulting behaviour?
>
> Many thanks in advance for any help any guru here can provide.
>
> Kindest regards,
>
> George

--
Jose Hidalgo Herrera <jose@hostarica.com>
Corp. Hosta Rica