From owner-freebsd-questions Tue Nov 2 20:03:45 1999
From: "Crist J. Clark"
Reply-To: cjclark@home.com
To: edirol@anime.ca (Edirol)
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw fwd action problems
Date: Tue, 2 Nov 1999 23:06:57 -0500 (EST)
Message-Id: <199911030406.XAA06994@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <002601bf2503$cd96b980$0300a8c0@anime.ca> from Edirol at "Nov 2, 1999 02:28:03 am"

Edirol wrote,

> Hi there,
>
> I'm trying to set up a relay box that will basically forward all requests to
> port X on the relay box to port X on another machine on the net. So say:
>
> I telnet to 207.34.202.38:21 (relay box); everything would be passed on to
> another machine, say 24.1.64.72:21. Of course when the 24.1.64.72:21 box
> returns the packet to 207.34.202.68:21 that should also magically bounce
> back to the IP that originally connected to 207.34.202.38:21.
>
> If this is not possible, the source IP (that originally connected to
> 207.34.202.38:21) could be fixed if that makes the firewall rules simpler.
>
> I've been tinkering with the following command:
>
> ipfw add fwd otherbox,port tcp from any to relaybox X
>
> I'm sure something is forwarding somewhere, but there doesn't appear to be
> traffic going both ways.
>
> Can someone advise me whether I've done this completely wrong or suggest
> another approach I should take?

In the ipfw(8) manpage,

     fwd ipaddr[,port]
             Change the next-hop on matching packets to ipaddr, which can be
             an IP address in dotted quad or a host name. If ipaddr is not a
             directly-reachable address, the route as found in the local
             routing table for that IP is used instead.

Allow me to translate. The next hop for the packet, _but not the destination
IP_, is changed to ipaddr. And note that this means that the routers in
between the fwd'ing machine and ipaddr have to know what's up, since the
destination address is _not_ changed to ipaddr.

In summary, using 'ipfw fwd' is really not what you want to be doing. You
probably want to be using natd(8). It does what you want.

-- 
Crist J. Clark                           cjclark@home.com
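The distinction the reply draws (fwd changes only the next hop, natd rewrites
the destination and un-translates the reply) is easier to see on a concrete
packet. The following is an added illustration for this thread, not FreeBSD
code and not anything the posters wrote: it models the two behaviours in plain
Python on the addresses from the question. The client address 10.0.0.5, the
relay's default gateway 207.34.202.1 and the relay's routing table are
assumptions made for the example.

```python
"""Added model (not FreeBSD code): what 'ipfw fwd' does to a packet
versus what natd's redirect_port does, using the addresses from the
question.  The client address, the relay's gateway and routing table
are assumptions made for this illustration."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

RELAY = "207.34.202.38"      # relay box (from the question)
OTHER = "24.1.64.72"         # machine that really serves port 21 (from the question)
CLIENT = "10.0.0.5"          # assumed address of the connecting client
GATEWAY = "207.34.202.1"     # assumed default gateway of the relay

# Assumed routing table of the relay: (prefix, gateway); None means on-link.
RELAY_ROUTES = [(ip_network("207.34.202.0/24"), None),
                (ip_network("0.0.0.0/0"), GATEWAY)]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    next_hop: Optional[str] = None   # neighbour the sender hands the frame to


def route_lookup(ipaddr: str) -> str:
    """Longest-prefix match on the relay's (assumed) routing table."""
    addr = ip_address(ipaddr)
    best = max((r for r in RELAY_ROUTES if addr in r[0]),
               key=lambda r: r[0].prefixlen)
    return ipaddr if best[1] is None else best[1]


def ipfw_fwd(pkt: Packet, ipaddr: str) -> Packet:
    """'fwd ipaddr': only the next hop changes.  If ipaddr is not directly
    reachable, the gateway from the routing table is used instead.  The IP
    header, in particular the destination address, is left as it was."""
    return replace(pkt, next_hop=route_lookup(ipaddr))


class Natd:
    """Minimal model of natd(8) 'redirect_port tcp OTHER:21 21'."""

    def __init__(self, redirects: Dict[Tuple[str, int], Tuple[str, int]]):
        self.redirects = redirects
        self.state: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def inbound(self, pkt: Packet) -> Packet:
        target = self.redirects.get((pkt.dst, pkt.dport))
        if target is None:
            return pkt
        new_dst, new_port = target
        # Remember the original destination so the reply can be un-translated.
        self.state[(new_dst, new_port, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return replace(pkt, dst=new_dst, dport=new_port,
                       next_hop=route_lookup(new_dst))

    def outbound(self, pkt: Packet) -> Packet:
        orig = self.state.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt
        return replace(pkt, src=orig[0], sport=orig[1])


def host_accepts(host: str, pkt: Packet) -> bool:
    """A normal IP stack only delivers packets addressed to itself."""
    return pkt.dst == host


def reply_to(pkt: Packet, host: str) -> Packet:
    """The answer a server at 'host' generates for a delivered packet."""
    return Packet(src=host, sport=pkt.dport, dst=pkt.src, dport=pkt.sport)


def try_fwd() -> dict:
    """Client SYN to RELAY:21 handled by 'ipfw add fwd OTHER tcp from any to RELAY 21'."""
    syn = Packet(CLIENT, 40000, RELAY, 21)
    out = ipfw_fwd(syn, OTHER)
    # OTHER is not on-link, so the frame goes to the gateway, still addressed to RELAY.
    return {"next_hop": out.next_hop, "header_dst": out.dst,
            "other_box_accepts": host_accepts(OTHER, out)}


def try_natd() -> dict:
    """Same SYN handled by natd with 'redirect_port tcp OTHER:21 21'."""
    natd = Natd({(RELAY, 21): (OTHER, 21)})
    syn = Packet(CLIENT, 40000, RELAY, 21)
    out = natd.inbound(syn)
    back = natd.outbound(reply_to(out, OTHER))
    # The client only matches the reply to its socket if it comes from RELAY:21.
    return {"header_dst": out.dst, "other_box_accepts": host_accepts(OTHER, out),
            "reply_src": (back.src, back.sport),
            "client_matches": back.dst == CLIENT and (back.src, back.sport) == (RELAY, 21)}
```

Running try_fwd() shows the forwarded packet leaving for the gateway with its
destination still 207.34.202.38, which is why the other box never answers and
"there doesn't appear to be traffic going both ways"; try_natd() shows the
destination rewritten to 24.1.64.72 and the reply's source restored to
207.34.202.38:21 from natd's state table, which is the behaviour the question
asked for.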