Date: Sun, 28 Jan 2001 15:38:07 -0800
From: Dima Dorfman <dima@unixfreak.org>
To: cjclark@alum.mit.edu
Cc: doc@freebsd.org
Subject: Re: Possible FAQ Entry: ipfw(8) fwd Rules
Message-ID: <20010128233812.590E53E02@bazooka.unixfreak.org>
In-Reply-To: Message from "Crist J. Clark" <cjclark@reflexnet.net> of "Sun, 28 Jan 2001 13:43:00 PST." <20010128134300.X10761@rfx-216-196-73-168.users.reflex>

> Another question I am sick of answering on the lists. People try to
> [...]
> 9.20.1. Why is my ipfw(8) 'fwd' rule to redirect a service to
> another machine not working?

Attached is a marked up version. I made a few mechanical
modifications to help it fit in the DocBook scheme, but other than
that it should be identical to your text version. You can preview the
rendered version at:

http://www.unixfreak.org/~dima/home/freebsd/data/FAQ/networking.html#IPFW-FWD

Comments?

Dima Dorfman
dima@unixfreak.org

Index: book.sgml =================================================================== RCS file: /st/src/FreeBSD/doc/en_US.ISO_8859-1/books/faq/book.sgml,v retrieving revision 1.140 diff -u -r1.140 book.sgml --- book.sgml 2001/01/18 01:14:24 1.140 +++ book.sgml 2001/01/28 23:25:39 
@@ -8136,6 +8186,41 @@ </listitem> </itemizedlist></para> + </answer> + </qandaentry> + + <qandaentry> + <question id="ipfw-fwd"> + <para>Why is my &man.ipfw.8; <quote>fwd</quote> rule to redirect a + service to another machine not working?</para> + </question> + + <answer> + <para>Possibly because you want to do network address translation + (NAT) and not just forward packets. A <quote>fwd</quote> rule + does exactly what it says; it forwards packets. It does not + actually change the data inside the packet. Say we have a rule + like:</para> + + <screen>01000 fwd <replaceable>10.0.0.1</replaceable> from any to <replaceable>foo 21</replaceable></screen> + + <para>When a packet with a destination address of + <replaceable>foo</replaceable> arrives at the machine with this + rule, the packet is forwarded to + <replaceable>10.0.0.1</replaceable>, but it still has the + destination address of <replaceable>foo</replaceable>! The + destination address of the packet is <emphasis>not</emphasis> + changed to <replaceable>10.0.0.1</replaceable>. Most machines + would probably drop a packet that they receive with a + destination address that is not their own. Therefore, using a + <quote>fwd</quote> rule does not often work the way the user + expects. This behavior is a feature and not a bug.</para> + + <para>See the <link linkend="service-redirect">FAQ about + redirecting services</link>, the &man.natd.8; manual, or one of + the several port redirecting utilities in the <ulink + url="../ports/">ports collection</ulink> for a correct way to do + this.</para> </answer> </qandaentry> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
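
Review bot: In the <screen> example, the rule matches port 21 without naming a protocol, and <replaceable>foo 21</replaceable> wraps the host and the port in a single element. ipfw rule bodies are written as "proto from src to dst", and a port match only makes sense for tcp or udp, so the line would read better as "01000 fwd <replaceable>10.0.0.1</replaceable> tcp from any to <replaceable>foo</replaceable> 21". That also matches the following paragraph, where <replaceable>foo</replaceable> alone stands for the destination address. Separately, the closing paragraph points at linkend="service-redirect", which this hunk does not define; worth confirming that the id exists elsewhere in book.sgml before committing.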