Date:      Wed, 24 Jan 2018 01:41:45 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Alan Somers <asomers@freebsd.org>, "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc:        FreeBSD Net <freebsd-net@freebsd.org>, Kristof Provost <kp@freebsd.org>
Subject:   Re: pf: redirect a packet's port but not its address?
Message-ID:  <5A6781E9.5060405@grosbein.net>
In-Reply-To: <CAOtMX2i3ZPM8TjHQvSj6tSjjDCEQhD2jqJkb6jZCMh3VjK_nUg@mail.gmail.com>
References:  <CAOtMX2j80odQ7%2Bt3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com> <a4eef32f-0446-43d7-3291-8034423122f0@yandex.ru> <CAOtMX2jroiz57KyQZUk%2B4aW4=_1m=Qs7wEP=_3pEVL%2BE2jg22A@mail.gmail.com> <759792be-189f-bdaf-04c9-b01d26fa9e00@yandex.ru> <CAOtMX2i3ZPM8TjHQvSj6tSjjDCEQhD2jqJkb6jZCMh3VjK_nUg@mail.gmail.com>

24.01.2018 1:26, Alan Somers wrote:

>> # ipfw add fwd ::1,5678 tcp from any to any 4000
>> # nc -6 -l ::1 5678
>>
>> And from another host tried:
>> # telnet -6 fc00::1 4000
>>
>> And this works.
>>
> 
> This does not work for me.  When I try, tcpdump shows that the host running
> ipfw returns an RST packet when it receives a SYN for port 4000.  That
> sounds like the fwd rule isn't working.  And it's probably not working
> because I'm a total ipfw n00b.  Is there anything else I need to configure
> in ipfw first?  My rc.conf file looks like:
> 
> firewall_enable="YES"
> firewall_type="open"

ipfw rules are always numbered, and while ipfw allows you to not specify a rule number
when adding, it is wise to always specify it, or else it adds rules to the end of the list,
and that is not what you want when dealing with the pre-defined "open" ruleset.

In short, use "ipfw add 2000 fwd ::1,5678 tcp from any to any 4000"
Use "ipfw show" to check it out before and after running this command.
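
Added example, not part of the original message: a packet accepted by an earlier catch-all allow rule never reaches a fwd rule that comes later in the list, which is what the before/after "ipfw show" comparison reveals. The script checks an "ipfw list"-style listing for that ordering; both listings and the rule numbers 65000 and 65100 are constructed for illustration, and check_fwd_order is a hypothetical helper name.

```sh
#!/bin/sh
# check_fwd_order PORT: reads "ipfw list"-style lines on stdin, in list order.
# Prints "reachable <rule>", "shadowed <rule> by <rule>" or "missing".
# Simplification: only a single destination port as the last field is matched.
check_fwd_order() {
    awk -v port="$1" '
        $1 !~ /^[0-9]+$/ { next }            # skip lines that are not rules
        {
            body = $0
            sub(/^[0-9]+[ \t]+/, "", body)   # drop the rule number
            sub(/[ \t]+$/, "", body)         # drop trailing blanks
        }
        # First unconditional accept seen so far.
        body == "allow ip from any to any" && !have_allow {
            have_allow = 1; allow = $1
        }
        # First fwd rule for the port; remember whether an accept preceded it.
        $2 == "fwd" && $NF == port && !have_fwd {
            have_fwd = 1; fwd = $1
            blocked = have_allow; blocker = allow
        }
        END {
            if (!have_fwd)    print "missing"
            else if (blocked) print "shadowed " fwd " by " blocker
            else              print "reachable " fwd
        }'
}

# Constructed listing: fwd rule added without a number, so it landed at the end.
sample_appended() { cat <<'EOF'
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65100 fwd ::1,5678 tcp from any to any dst-port 4000
65535 deny ip from any to any
EOF
}

# Constructed listing: fwd rule added as rule 2000, as suggested in the message.
sample_numbered() { cat <<'EOF'
00100 allow ip from any to any via lo0
02000 fwd ::1,5678 tcp from any to any dst-port 4000
65000 allow ip from any to any
65535 deny ip from any to any
EOF
}

sample_appended | check_fwd_order 4000
sample_numbered | check_fwd_order 4000
```

On a live host the same function can be fed with "ipfw list | check_fwd_order 4000".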