Date: Tue, 2 Nov 1999 23:06:57 -0500 (EST)
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: edirol@anime.ca (Edirol)
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw fwd action problems
Message-ID: <199911030406.XAA06994@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <002601bf2503$cd96b980$0300a8c0@anime.ca> from Edirol at "Nov 2, 1999 02:28:03 am"

Edirol wrote,
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> Hi there,
>
> I'm trying to setup a relay box that will basically forward all requests to
> port X on the relay box to port X on another machine on the net. So say:
>
> I telnet to 207.34.202.38:21 (relay box) everything would be passed on to
> another machine, say 24.1.64.72:21. Of course when the 24.1.64.72:21 box
> returns the packet to 207.34.202.68:21 that should also magically bounce
> back to the ip who originally connected to 207.34.202.38:21.
>
> If this is not possible the source ip (that originally connected to
> 207.34.202.38:21), could be fixed if that makes the firewall rules simpler.
>
> I've been tinkering with the following command
>
> ipfw add fwd otherbox,port tcp from any to relaybox X
>
> I'm sure something is forwarding somewhere but there doesn't appear to be
> traffic going both ways.
>
> Can someone advise me whether I've done this completely wrong or suggest
> another approach I should take?

In the ipfw(8) manpage,

  "fwd ipaddr [,port]
       Change the next-hop on matching packets to ipaddr, which
       can be an IP address in dotted quad or a host name. If
       ipaddr is not a directly-reachable address, the route as
       found in the local routing table for that IP is used
       instead."

Allow me to translate. The next hop for the packet, _but not the
destination IP_ is changed to ipaddr. And note that this means that
the routers in between the fwd'ing machine and ipaddr have to know
what's up since the destination address is _not_ changed to ipaddr.

In summary, using 'ipfw fwd' is really not what you want to be
doing. You probably want to be using natd(8). It does what you want.

-- 
Crist J. Clark                           cjclark@home.com
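
Added example, not part of the original message and not FreeBSD code: a small Python model of the distinction made in the reply above, comparing a next-hop change (what 'fwd' does) with a destination rewrite that keeps per-connection state. The relay and target addresses are the ones from the thread; the client address 192.0.2.10, source port 40000, and all class and function names are constructed for illustration, and the model assumes replies from the target travel back through the relay.

```python
from dataclasses import dataclass, replace

RELAY = "207.34.202.38"   # relay box address from the thread
TARGET = "24.1.64.72"     # other machine from the thread
CLIENT = "192.0.2.10"     # constructed client address (documentation range)
PORT = 21

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    next_hop: str = ""    # forwarding decision, not a field in the IP header

def ipfw_fwd(pkt, ipaddr):
    """Model of 'fwd': only the next hop changes, the IP header is untouched."""
    return replace(pkt, next_hop=ipaddr)

class DestinationNat:
    """Model of a destination rewrite with state for translating replies."""
    def __init__(self, alias_ip, target_ip):
        self.alias_ip, self.target_ip = alias_ip, target_ip
        self.state = set()

    def inbound(self, pkt):
        # Remember the connection, then rewrite the destination address.
        self.state.add((pkt.src, pkt.sport, pkt.dport))
        return replace(pkt, dst=self.target_ip, next_hop=self.target_ip)

    def outbound(self, pkt):
        # Reply from the target: restore the relay address as the source.
        if pkt.src == self.target_ip and (pkt.dst, pkt.dport, pkt.sport) in self.state:
            return replace(pkt, src=self.alias_ip, next_hop=pkt.dst)
        return pkt

def host_accepts(host_ip, pkt):
    """A host only delivers packets addressed to one of its own IPs."""
    return pkt.dst == host_ip

def demo():
    syn = Packet(CLIENT, 40000, RELAY, PORT)
    fwd_pkt = ipfw_fwd(syn, TARGET)
    nat = DestinationNat(RELAY, TARGET)
    nat_pkt = nat.inbound(syn)
    reply = nat.outbound(Packet(TARGET, PORT, CLIENT, 40000))
    return {"fwd_accepted": host_accepts(TARGET, fwd_pkt),
            "nat_accepted": host_accepts(TARGET, nat_pkt),
            "reply_src": reply.src}

if __name__ == "__main__":
    print(demo())
```

In the model, the fwd'ed packet reaches the target still addressed to the relay and is not accepted, while the rewritten packet is accepted and its reply leaves the relay with the relay's address as source.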