Date: Tue, 17 Jul 2001 08:00:38 -0400 (EDT)
From: Thomas David Rivers <rivers@dignus.com>
To: freebsd-questions@freebsd.org
Subject: ipfw & fwd? (and natd?)
Message-ID: <200107171200.f6HC0cB40770@lakes.dignus.com>

I've been trying to redirect a certain port number to a telnet
port on another network...

It's been pointed out that natd won't do that for me; because
of the "other" network issue (although, perhaps it should, hard
to say.)

Here's the set up:

    xl0 is the "outside" interface.
    x1l is the "inside" interface (10.0.0.x) network
    tun0 is the VPN interface to the other (10.1.0.x) network.

I'd like to redirect incoming tcp/up connections on port 5000
via xl0 to a telnet connection on a machine in the 10.1.0.x network.

So - some of us were thinking that perhaps natd, in combination
with ipfw fwd would work... making a "phantom" IP address on
the 10.0.0.x network. Then, natd can redirect to the "phantom"
IP address, which will be forwarded to the remote one.

To get specific, the remote machine is 10.1.0.11; the "phantom"
IP address is 10.0.0.11.

At this point, I'm just trying to get ipfw fwd to work... so, that
ping/telnet/etc.. to 10.0.0.11 are forwarded to 10.1.0.11.

Here's my ipfw rules:

    00050 divert 8668 ip from any to any via xl0
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    06400 fwd 10.1.0.11 ip from any to 10.0.0.11
    06401 fwd 10.1.0.11 ip from 10.0.0.11 to any
    65000 allow ip from any to any
    65535 allow ip from any to any

But - that doesn't seem to work - ping seems to get into quite
a mess :-)

    PING 10.0.0.11 (10.0.0.11): 56 data bytes
    36 bytes from 10.2.0.2: Redirect Host(New addr: 10.2.0.1)
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 0c81   0 0000  ff  01 9b1a 10.2.0.1  10.0.0.11

    36 bytes from 10.2.0.2: Redirect Host(New addr: 10.2.0.1)
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 0c81   0 0000  fd  01 9d1a 10.2.0.1  10.0.0.11

(10.2.0.1 is the VPN network - part of vpnd.)

And, of course, nothing else seems to cut it...

So... does anyone have examples of how to set up ipfw forwarding?

(This is FreeBSD 4.3-RELEASE, by the way; and the kernel has been
compiled with the IPFIREWALL_FORWARD option.)

    - Thanks! -
    - Dave Rivers -