Date: Sun, 28 Jan 2001 13:43:00 -0800
From: "Crist J. Clark"
To: doc@freebsd.org
Subject: Possible FAQ Entry: ipfw(8) fwd Rules
Message-ID: <20010128134300.X10761@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu

Another question I am sick of answering on the lists. People try to
use an ipfw(8) fwd rule inappropriately when they should be using
NAT. An entry on this in the FAQ would fit right in with 9.20. I made
a flat text, first pass at such an entry.

Please double check that I am a recipient of any mails; I am not
currently subscribed to -doc. Thanks.

9.20.1. Why is my ipfw(8) 'fwd' rule to redirect a service to another
        machine not working?

Because you probably want to do network address translation (NAT) and
not just forward packets. A 'fwd' rule does exactly what it says; it
forwards packets. It does not actually change the data inside the
packet. Say we have a rule like,

    01000 fwd 10.0.0.1 from any to foo 21

When a packet with a destination address of 'foo' arrives at the
machine with this rule, the packet is forwarded to 10.0.0.1, but the
packet still has the destination address of 'foo.' The destination
address of the packet is not changed to 10.0.0.1. Most machines would
probably drop a packet that they receive with a destination address
that is not their own. Therefore, using a 'fwd' rule does not often
work the way the naive user expects. This behavior is a feature and
not a bug.

See the answer to 9.20, natd(8), or one of the several port
redirecting utilities in the ports collection for a correct way to do
this.

-- 
Crist J. Clark                           cjclark@alum.mit.edu
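The difference described in the message, as an added illustration that is not part of the original post: a 'fwd'-style decision only picks a next hop, while a NAT-style redirect rewrites the IPv4 destination and recomputes the header checksum. The function names, the address 192.0.2.10 standing in for 'foo', and the client address are assumptions made for this sketch; it models the IPv4 header only (a real NAT also fixes the TCP checksum).

```python
import socket
import struct

FOO, INSIDE, CLIENT = "192.0.2.10", "10.0.0.1", "198.51.100.7"  # constructed

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(hdr: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11) and fill in a fresh value."""
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return hdr[:10] + struct.pack("!H", checksum(zeroed)) + hdr[12:]

def ipv4_header(src: str, dst: str, payload_len: int = 20) -> bytes:
    """Minimal 20-byte IPv4 header (no options) announcing a TCP payload."""
    return with_checksum(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
        socket.IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst)))

def dst_of(hdr: bytes) -> str:
    return socket.inet_ntoa(hdr[16:20])

def fwd(hdr: bytes, next_hop: str):
    """'fwd' semantics: new next hop, packet bytes left exactly as received."""
    return next_hop, hdr

def nat_redirect(hdr: bytes, new_dst: str):
    """NAT-style redirect: rewrite the destination, then redo the checksum."""
    return new_dst, with_checksum(hdr[:16] + socket.inet_aton(new_dst))

def host_accepts(hdr: bytes, local_addrs) -> bool:
    """Receiver's check: header checksum valid and destination is one of ours."""
    return checksum(hdr) == 0 and dst_of(hdr) in local_addrs

def demo():
    pkt = ipv4_header(CLIENT, FOO)
    for name, action in (("fwd", fwd), ("nat", nat_redirect)):
        hop, out = action(pkt, INSIDE)
        print(f"{name}: sent to {hop}, header dst {dst_of(out)}, "
              f"accepted by {INSIDE}: {host_accepts(out, {INSIDE})}")

if __name__ == "__main__":
    demo()
```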