Date: Thu, 3 Jan 2002 14:39:14 -0800
From: "Crist J. Clark"
To: Dean Hollister
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw question

On Thu, Jan 03, 2002 at 06:51:03PM +0800, Dean Hollister wrote:
>
> Hello,
>
> I've combed through the handbook and faq...I'm stuck on one particular
> type of ipfw rule.
>
> I want to redirect any outgoing tcp connections on a specific port to
> another host,port. For example:

You cannot use 'fwd' to forward packets to a different port on another
host.

> ipfw add 90 fwd 1.1.1.1,100 tcp from localhost to any 100 out

There are two problems here. First, specifying the port in the 'fwd'
command is meaningless if 1.1.1.1 is a remote host.
Second, do you really want to redirect packets with a source IP address
of 127.0.0.1? Those should never go over the wire.

> The command accepts, but when I attempt a connection, the packets are not
> being filtered. What am I doing wrong?

Not being "filtered?" I suspect that you are actually trying to do NAT
or the like here?

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/networking.html#SERVICE-REDIRECT
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
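
The two problems named in the reply above, turned into a small ruleset check. This is an added example, not part of the original message and not FreeBSD code. The helper names, the LOCAL address set and the second sample rule are assumptions made for illustration. That 'fwd' honours the port only when the address is local is taken from ipfw(8).

```python
import ipaddress
import re

# Matches the action part of a rule such as:
#   ipfw add 90 fwd 1.1.1.1,100 tcp from localhost to any 100 out
FWD_RE = re.compile(r"\bfwd\s+(?P<addr>[0-9.]+)(?:,(?P<port>\d+))?\s+(?P<body>.*)$")
SRC_RE = re.compile(r"\bfrom\s+(?P<src>\S+)")


def _is_loopback(token):
    """True if the source token is 'localhost' or lies inside 127.0.0.0/8."""
    if token == "localhost":
        return True
    try:
        return ipaddress.ip_network(token, strict=False).is_loopback
    except ValueError:
        return False  # 'any', 'me', other hostnames: not checked here


def lint_fwd_rule(rule, local_addrs):
    """Return warnings for one ipfw 'fwd' rule (hypothetical helper)."""
    m = FWD_RE.search(rule)
    if m is None:
        return []  # not a fwd rule, nothing to check
    warnings = []
    target = ipaddress.ip_address(m.group("addr"))
    is_local = target.is_loopback or target in local_addrs
    # Problem 1: fwd only changes the next hop; the packet is not rewritten,
    # so a port given together with a remote address has no effect.
    if m.group("port") and not is_local:
        warnings.append(
            f"port {m.group('port')} ignored: {target} is not a local address"
        )
    # Problem 2: loopback-sourced packets pushed towards a remote next hop.
    src = SRC_RE.search(m.group("body"))
    if src and not is_local and _is_loopback(src.group("src")):
        warnings.append(
            f"source {src.group('src')} is loopback: should never go over the wire"
        )
    return warnings


# Constructed sample input: the rule from the question, plus a constructed
# rule that forwards to a local address (where the port is meaningful).
LOCAL = {ipaddress.ip_address("192.0.2.10")}  # assumed address of this host
RULES = [
    "ipfw add 90 fwd 1.1.1.1,100 tcp from localhost to any 100 out",
    "ipfw add 100 fwd 127.0.0.1,3128 tcp from any to any 80",
]

if __name__ == "__main__":
    for r in RULES:
        print(r, "->", lint_fwd_rule(r, LOCAL) or "ok")
```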