Date: Wed, 22 Sep 2004 10:59:15 -0300
From: R2 <R2@infolinks.com.br>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw & natd
Message-ID: <41518533.8050607@infolinks.com.br>
In-Reply-To: <20040920230225.Y58694@debug.ro>
References: <20040920084359.eei75hutjsgs88@.mailhost.wsf.at> <1095699476.14974.13.camel@jose.hostarica.net> <20040920230225.Y58694@debug.ro>
Cristian Ursuleanu wrote:
>you are right!
>
>but, I do some tests and it seems to work only when:
>net.inet.ip.fw.one_pass=0
>
>if net.inet.ip.fw.one_pass=0 then packets are reinjected into the firewall,
>and when net.inet.ip.fw.one_pass=1 they are not.
>
>I use: FreeBSD 4.10 STABLE, and ipfw1.
>
>"net.inet.ip.fw.one_pass: 1
> Forces a single pass through the firewall. If set to 0,
> packets coming out of a pipe will be reinjected into the
> firewall starting with the rule after the matching one.
>"
>
>On Mon, 20 Sep 2004, Jose Hidalgo Herrera wrote:
>
>>You are right, but Tomas too!
>>
>>what is missing here is:
>># sysctl -w net.inet.ip.fw.one_pass=1
>>
>>Use the divert first, with one_pass=1 the package will
>>be reinjected and your fwd rule will work just fine.
>>
>>--- this will do
>> sysctl -w net.inet.ip.fw.one_pass=1
>>
>> natd -p 8668 -interface rl0
>> natd -p 8669 -interface rl1
>>
>> ipfw add 1000 divert 8668 all from any to any via rl0
>> ipfw add 2000 divert 8669 all from any to any via rl1
>> ipfw add 2010 fwd 5.6.7.8 tcp from 10.0.0.0/24 to any 80 out recv ed0
>>---
>>--
>>Jose Hidalgo
>>PGP: 15524480
>>jose at hostarica.com
>>http://www.hostarica.com
>>

You can use this ipfw configuration to solve your problem:

ipfw add 100 skipto 2000 all from any to any 80 out xmit rl0
ipfw add 1000 divert natd all from any to any via rl0
ipfw add 2000 divert natd2 all from any to any via rl1
ipfw add fwd 5.6.7.9 all from 5.6.7.8 to any out xmit rl0

PS: The default route is sent to the rl0 interface, and it is necessary to forward all packets with source IP 5.6.7.8 to next-hop 5.6.7.9; this last IP is a remote interface of your service provider.
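To make the one_pass question in this thread concrete, here is a small Python model of ipfw rule traversal with a divert-to-natd rule followed by a fwd rule, following the sysctl description quoted above; it is an added example, not code from any poster. Assumptions: rl0 carries the address 5.6.7.8 (so natd rewrites outbound sources to it), the rule set and packet are constructed, and the default rule is 65535 deny.

```python
from dataclasses import dataclass, replace
from typing import Callable, List, Tuple

@dataclass(frozen=True)
class Pkt:
    src: str; dst: str; dport: int
    direction: str; iface: str   # "in"/"out" and the interface it crosses

@dataclass(frozen=True)
class Rule:
    number: int; action: str; arg: str   # action: "divert", "fwd", "deny", "allow"
    match: Callable[[Pkt], bool]

RL0_ADDR = "5.6.7.8"  # assumption: the public address configured on rl0

def natd(p: Pkt) -> Pkt:
    """Model of 'natd -interface rl0': packets going out rl0 get its address as source."""
    return replace(p, src=RL0_ADDR) if p.direction == "out" and p.iface == "rl0" else p

def run_ipfw(rules: List[Rule], p: Pkt, one_pass: int) -> Tuple[str, str]:
    """Walk the rule list for packet p and return (verdict, detail)."""
    i = 0
    while i < len(rules):
        r = rules[i]
        if not r.match(p):
            i += 1
            continue
        if r.action == "divert":
            p = natd(p)                 # packet goes to natd and comes back translated
            if one_pass:                # one_pass=1: single pass, no further rules
                return ("accept", f"divert {r.arg} ended the pass")
            i += 1                      # one_pass=0: reinjected at the rule after the divert
            continue
        if r.action == "fwd":
            return ("fwd", r.arg)
        return (r.action, f"rule {r.number}")
    return ("deny", "default")

# Constructed rule set in the shape the thread discusses: NAT on rl0 first, then fwd.
RULES = [
    Rule(1000, "divert", "natd", lambda p: p.iface == "rl0"),
    Rule(2010, "fwd", "5.6.7.9",
         lambda p: p.src == RL0_ADDR and p.direction == "out" and p.iface == "rl0"),
    Rule(65535, "deny", "", lambda p: True),
]
HTTP_OUT = Pkt("10.0.0.5", "203.0.113.10", 80, "out", "rl0")  # constructed LAN client packet

def verdict(one_pass: int) -> Tuple[str, str]:
    return run_ipfw(RULES, HTTP_OUT, one_pass)
```

With one_pass=0 the translated packet reaches the fwd rule; with one_pass=1 the divert ends the pass and the fwd rule is never evaluated.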
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41518533.8050607>