Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 08 Dec 1999 06:10:38 +0100
From:      Roelof Osinga <roelof@nisser.com>
To:        FreeBSD Stable <freebsd-stable@FreeBSD.ORG>
Subject:   ifpw forwarding problem
Message-ID:  <384DE84E.8285191E@nisser.com>
next in thread | raw e-mail | index | archive | help 
I'm trying to do redirect incoming connections on port 8080 to an
external port 80 on machine 10.0.0.3

nisser:/root/bin$ ifconfig -a
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.55 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:60:97:14:31:a7
ep1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 212.187.0.39 netmask 0xfffff800 broadcast 212.187.7.255
        inet 194.134.130.170 netmask 0xffffffff broadcast 194.134.130.170
        ether 00:60:97:e4:98:db
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

nisser:/root/bin$ uname -a
FreeBSD nisser.com 3.3-STABLE FreeBSD 3.3-STABLE #11: Wed Dec  8 04:54:50 CET
19
99     toor@nisser.com:/usr/src/sys/compile/FORSETI  i386

The kernel options in use are

#options         MROUTING                # Multicast routing
options         IPFIREWALL              #firewall
#options         IPFIREWALL_VERBOSE      #print information about
                                        # dropped packets
options         IPFIREWALL_FORWARD      #enable transparent proxy support
#options         "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
#options         IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options         IPDIVERT                #divert sockets
options         IPFILTER                #kernel ipfilter support
#options         IPFILTER_LOG            #ipfilter logging
#options        IPFILTER_LKM            #kernel support for ip_fil.o LKM
#options         TCPDEBUG

natd is running with -same_ports -use_sockets on ep1

The command I'm issuing is:

ipfw add 2000 fwd 10.0.0.3,80 tcp from any to 10.0.0.55 8080 in via ep0

Though accepted it will not redirect. The 10.0.0.3:80 does answer
when queried directly:

nisser:/root/bin$ telnet 10.0.0.55 8080
Trying 10.0.0.55...
telnet: Unable to connect to remote host: Connection refused

nisser:~# ipfw list
00100 divert 8668 ip from any to any via ep1
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
01000 deny tcp from any to any 23,143,110,79,111 in recv ep1
01000 deny tcp from any to any 5800,5801,5802,5900,5901,5902 in recv ep1
02000 fwd 10.0.0.3,80 tcp from any to 10.0.0.55 8080 in recv ep0
65000 allow ip from any to any
65535 deny ip from any to any

What am I missing here?

Roelof

-- 
Home is where the (@) http://eboa.com/ is.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?384DE84E.8285191E>