From: Chad Ziccardi
To: Mike Dewhirst
Cc: freebsd-ipfw@FreeBSD.ORG
Date: Mon, 29 Jul 2002 14:51:28 -0400 (EDT)
Subject: Re: fwd (was divert a port to another ip

begin quote from Mike Dewhirst written 2002-07-29:

Mike,

Here's the line I'm using. I remember seeing issues if you don't have the
forward option (IPFIREWALL_FORWARD) enabled in the kernel.

ipfw add 30000 fwd 216.151.80.60,17337 tcp from any to 216.151.80.60 80 via xl0

uname -a will tell you some more info about your FreeBSD version/kernel.

[ziccardi@:~]$ uname -a
FreeBSD digitalfreaks.org 4.6-STABLE FreeBSD 4.6-STABLE #5: Sat Jul 13 15:12:00 EDT 2002 root@digitalfreaks.org:/usr/obj/usr/src/sys/DIGITALFREAKS i386

Refs:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
http://renaud.waldura.com/doc/freebsd/firewall/
http://www.acme.com/firewall.html

> Chad,
>
> Thanks for the advice. It didn't quite work though. :(
>
> What am I doing wrong:
>
> # ipfw add 4 fwd 192.10.10.4,22 tcp from any to 80.x.x.x 666 via xl0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
>
> Running FreeBSD 4.4
>
> How do I find out what version of FreeBSD I'm running?
>
> Thanks in advance,
>
> Mike
>
>
> Chad Ziccardi wrote:
> > begin quote from Mike Dewhirst written 2002-07-29:
> >
> >
> >>Hi,
> >>
> >>If I want to divert all requests on a certain port to another ip address
> >>and another port, e.g.
> >>
> >>80.0.0.123:666 --> 192.10.10.5:22
> >>
> >>what would be the rule? I thought:
> >>
> >>divert 8668 tcp from any 666 to 192.10.10.5 22 via xl0
> >>
> >>8668 is the natd port (I think) - I have this rule that works:
> >>divert 8668 ip from any to any via xl1
> >>
> >>But it doesn't seem to work. Any ideas?
> >>
> >>Also, what is a good online resource for ipfw?
> >>
> >>Thanks for any advice in advance!
> >
> >
> > You'll need the option IP_FORWARD I believe
> >
> > fwd 216.151.80.60,7300 tcp from any to 216.151.80.60 80 via xl0
> >
> > fwd dest ip, dest port, from any, incoming ip, incoming port
> >
> > so a hit to 216.151.80.60 port 80 would be rewritten to go to port 7300.
> >

--
Chad Ziccardi, Professional Slacker
cz@digitalfreaks.org
"Some cause happiness wherever they go; others whenever they go."