Date: Mon, 29 Jul 2002 14:51:28 -0400 (EDT) From: Chad Ziccardi <ziccardi@digitalfreaks.org> To: Mike Dewhirst <m@devzerog.com> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: fwd (was divert a port to another ip Message-ID: <20020729144713.R14599-100000@digitalfreaks.org> In-Reply-To: <3D458ABA.4090309@devzerog.com>
next in thread | previous in thread | raw e-mail | index | archive | help
begin quote from Mike Dewhirst <m@devzerog.com> written 2002-07-29: Mike, Here's the line I'm using, I remember seeing issues if you don't have the forward option (IPFIREWALL_FORWARD) enabled in the kernel. ipfw add 30000 fwd 216.151.80.60,17337 tcp from any to 216.151.80.60 80 viaxl0 uname -a will tell you some more info about your freebsd version/kernel. [ziccardi@:~]$ uname -a FreeBSD digitalfreaks.org 4.6-STABLE FreeBSD 4.6-STABLE #5: Sat Jul 13 15:12:00 EDT 2002 root@digitalfreaks.org:/usr/obj/usr/src/sys/DIGITALFREAKS i386 Refs:: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html http://renaud.waldura.com/doc/freebsd/firewall/ http://www.acme.com/firewall.html > Chad, > > Thanks for the advice. It didn't quite work though. :( > > What am I doing wrong: > > # ipfw add 4 fwd 192.10.10.4,22 tcp from any to 80.x.x.x 666 via xl0 > ipfw: getsockopt(IP_FW_ADD): Invalid argument > > Running FreeBSD 4.4 > > How do I find out what version of FreeBSD I'm running? > > Thanks in advance, > > Mike > > > Chad Ziccardi wrote: > > begin quote from Mike Dewhirst <m@devzerog.com> written 2002-07-29: > > > > > >>Hi, > >> > >>If I want to divert all requests on a certain port to another ip address > >>and another port, e.g. > >> > >>80.0.0.123:666 --> 192.10.10.5:22 > >> > >>what would be the rule? I thought: > >> > >>divert 8668 tcp from any 666 to 192.10.10.5 22 via xl0 > >> > >>8668 is the natd port (I think) - I have this rule that works: > >>divert 8668 ip from any to any via xl1 > >> > >>But it doesn't seem to work. Any ideas? > >> > >>Also, what is a good online resource for ipfw? > >> > >>Thanks for any advice in advance! > > > > > > You'll need the option IP_FORWARD I believe > > > > fwd 216.151.80.60,7300 tcp from any to 216.151.80.60 80 via xl0 > > > > fwd dest ip, dest port, from any, incoming ip, incoming port > > > > so a hit to 216.151.80.60 port 80 would be rewritten to goto port 7300. > > > > > > > > > > > > > > > -- Chad Ziccardi, Professional Slacker cz@digitalfreaks.org "Some cause happiness wherever they go; others whenever they go." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020729144713.R14599-100000>