Date: Mon, 25 Jun 2001 14:44:23 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: Tim Erlin <tperlin@yahoo.com>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw -- fwd, divert, natd -redirect_port?
Message-ID: <Pine.BSF.4.21.0106251418310.42332-100000@cody.jharris.com>
In-Reply-To: <20010625165405.93596.qmail@web11703.mail.yahoo.com>

On Mon, 25 Jun 2001, Tim Erlin wrote:

> I currently have 4.3-STABLE running NAT on my DSL(static ip). I'd like
> to put a webserver (or any other service) behind it and map the
> incoming port appropriately. I see three choices with ipfw and I'm not
> sure what the differences are.
>
> How does fwd differ from divert differ from running natd with
> -redirect_port?

ipfw fwd does not change the src/dst within the packet header...it just
forwards the packet. redirect_port will actually change the contents of
the header, usually to send to an "inside" address.

So, if you don't want to change any IP addresses in the packet, then fwd
is the way to go. Like for squid or some other proxy server apps.

But, you have DSL with one static IP, which means you will be doing natd
redirect_port. See, a packet comes into your machine from the outside
world with source and destination like so:

    Source (Internet)      Destination (Your Machine)
    ===========================================
    23.24.25.1             208.33.22.1

But you want to send that request to an internal machine behind
208.33.22.1, say 192.168.10.1. So the redirect_port statement should be
used because you need to change the destination of the above packet from
208.33.22.1 to 192.168.10.1. The same thing happens on the return to the
internet from 192.168.10.1.

fwd would simply forward the packet to 192.168.10.1, but keeping the
header intact with the above listed source/dest.

(Note: fwd only works on outbound traffic)

Hope this helps.

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
   "FreeBSD: The Power to Serve!"
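
The difference described in the message above, as an added example that is not part of the original e-mail: a toy Python model (not natd or ipfw code) of header rewriting with a state table versus forwarding with the header left intact. The IP addresses come from the message; the port numbers, class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "208.33.22.1"    # gateway's outside address (from the message)
INSIDE_IP = "192.168.10.1"   # internal server (from the message)
CLIENT_IP = "23.24.25.1"     # Internet client (from the message)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Redirector:
    """Toy model of redirect_port: rewrite the header, remember the mapping."""
    def __init__(self, public_ip, rules):
        self.public_ip = public_ip
        self.rules = rules   # {public_port: (inside_ip, inside_port)}
        self.state = {}      # (client, cport, inside_ip, inside_port) -> public_port

    def inbound(self, pkt):
        target = self.rules.get(pkt.dport) if pkt.dst == self.public_ip else None
        if target is None:
            return pkt       # no matching rule: header untouched
        self.state[(pkt.src, pkt.sport, *target)] = pkt.dport
        return replace(pkt, dst=target[0], dport=target[1])

    def outbound(self, pkt):
        # Replies are rewritten back so the client sees the public address.
        public_port = self.state.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if public_port is None:
            return pkt
        return replace(pkt, src=self.public_ip, sport=public_port)

def fwd(pkt, next_hop):
    """Toy model of fwd: pick a next hop, leave src/dst in the header alone."""
    return next_hop, pkt

def accepts(host_ip, pkt):
    """A host only accepts packets addressed to an IP it owns."""
    return pkt.dst == host_ip

def demo():
    request = Packet(CLIENT_IP, 40000, PUBLIC_IP, 80)    # constructed sample
    nat = Redirector(PUBLIC_IP, {80: (INSIDE_IP, 8080)})  # 8080 is assumed
    redirected = nat.inbound(request)
    reply = nat.outbound(Packet(INSIDE_IP, 8080, CLIENT_IP, 40000))
    _, forwarded = fwd(request, INSIDE_IP)
    return request, redirected, reply, forwarded

if __name__ == "__main__":
    for p in demo():
        print(p)
```

In the model, the forwarded packet still carries 208.33.22.1 as its destination, so a server that owns only 192.168.10.1 does not accept it, which is why the single-static-IP case calls for redirect_port.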