Date: Sat, 29 Dec 2001 01:58:17 -0800 (PST) From: Julian Elischer <julian@elischer.org> To: cjclark@alum.mit.edu Cc: Henry Su <henrysu@nttmcl.com>, freebsd-net@FreeBSD.ORG Subject: Re: Why is my ipfw(8) ``fwd'' rule to redirect a service to another machine not working? Message-ID: <Pine.BSF.4.21.0112290156100.97641-100000@InterJet.elischer.org> In-Reply-To: <20011228184516.B93411@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Dec 2001, Crist J . Clark wrote: > On Fri, Dec 28, 2001 at 01:31:07PM -0800, Julian Elischer wrote: > > You need to > > correct the FAQ.. > > > > "The correct way to ensure that this does not happen is to also add > > a 'fwd' rule on the destination rule, forwarding the packet > > to localhost. This will override the destination machine's tendancy > > to throw the forwarded packet back" > > I'm having a hard time parsing that. if you send a packet somewhere it is not supposed to go, it will try discard it or forward it, UNLESS it has an ipfw fwd rule that makes it forward it to a local port. So you need a rule at the interception machine and a rule at the destination machine. > > > Also, in versions of FreeBSD before 4.6, > > 4.6? yes, it will miss 4.5 > > > packets matched while INCOMING > > could only be forwarded to the local host. > > Which is what I thought the original poster was doing? > > > Outgoing packets > > could be forwarded to an adjoining host. > > This was fixed while 4.5 was cooking and appeared in releases after that. > > So will this be in 4.5? No > > > The port number is only used for forwarding to the local host. > > Which is what the original poster was doing? > -- > "It's always funny until someone gets hurt. Then it's hilarious." > > Crist J. Clark | cjclark@alum.mit.edu > | cjclark@jhu.edu > http://people.freebsd.org/~cjc/ | cjc@freebsd.org > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0112290156100.97641-100000>