Date:      Mon, 8 Nov 1999 20:32:21 -0500 (EST)
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        fordp@guide.chi.il.us (Ford Prefect)
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw & forwarding ports....
Message-ID:  <199911090132.UAA39484@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <3.0.3.32.19991107235514.006a0744@pop.interaccess.com> from Ford Prefect at "Nov 7, 1999 11:55:14 pm"

Ford Prefect wrote,
> natd and ipfw have been running just fine for me until I tried to do the
> following:
> 
> I have my outside interface which gets its address via DHCP on ed0.
> I have my inside interface set to 192.168.a.b
> 
> and another machine on that same subnet 192.168.a.c
> 
> 
> I need to get port 80 from the outside to 192.168.a.c 80. I've been playing
> with ipfw but nothing seems to work. Perhaps I'm doing something stupid...
> 
> Here's what I've tried:
> 
> ipfw add fwd 192.168.a.c,80 from any to any
> ipfw add fwd 192.168.a.c,80 from any to any 80
> ipfw add fwd 192.168.a.c,80 from any to any 80 via out_interface
> ipfw add fwd 192.168.a.c from any to any 80
> ipfw add fwd 192.168.a.c from any to any 80 via out_interface
> 
> I've also used 'ipfw add X fwd ...' to place the entries before and after
> the natd divert and around other rule chunks that could cause a problem.
> 
> I've made sure my old rules weren't conflicting with the new ones while
> testing (by rebooting, or placing them earlier)
> 
> I'm out of ideas so I figured I'd ask you guys :)

Let us review the ipfw(8) manpage,

        "fwd ipaddr [,port] Change the next-hop on matching packets to ipaddr,
                           which can be an IP address in dotted quad or a host
                           name...
                                                            ...If ipaddr is a
                           local address, then on a packet entering the system
                           from a remote host it will be diverted to port on
                           the local machine, keeping the local address of the
                           socket set to the original IP address the packet
                           was destined for."

To rephrase, the original destination IP of the packet IS NOT
CHANGED. Does your webserver on 192.168.a.c know it is supposed to
accept packets with destinations of 192.168.a.b? Probably not.

You are already running a tool that is meant to do this however,
natd(8). See the '-redirect_port' option.
-- 
Crist J. Clark                           cjclark@home.com
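
A natd(8) configuration using the redirect_port option named in the reply above. This is an added example, not part of the original message. The addresses 192.168.1.1 and 192.168.1.3, the rule numbers and the file path are constructed stand-ins for the thread's elided values.

```conf
# /etc/natd.conf  (added example; addresses are constructed stand-ins)
#   192.168.1.1 = gateway's inside address  (192.168.a.b in the thread)
#   192.168.1.3 = internal web server       (192.168.a.c in the thread)
# Start with: natd -f /etc/natd.conf

# Outside interface; its address is the alias address natd translates to.
interface ed0

# ed0 is configured by DHCP: follow address changes on the interface.
dynamic yes

# Rewrite the destination of inbound TCP port 80 on the outside address
# to 192.168.1.3:80. Unlike "ipfw fwd", which changes only the next hop,
# the web server now receives packets addressed to itself, and natd
# translates its replies back to the outside address.
redirect_port tcp 192.168.1.3:80 80

# Matching ipfw rules, in this order (rule numbers are arbitrary):
#   ipfw add 100 divert natd all from any to any via ed0
#   ipfw add 200 allow tcp from any to 192.168.1.3 80 in via ed0
# After the divert, an inbound packet continues at the next rule with its
# destination already rewritten, so the allow rule names the internal
# address, not the outside one. No other port on 192.168.1.3 is redirected.
```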

