Date: Sun, 24 Feb 2002 23:51:32 -0800
From: "Crist J. Clark"
To: Ivan Coimbra
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: IPFW really doesn't work with non-local adresses!!!

On Sun, Feb 24, 2002 at 01:20:32AM -0300, Ivan Coimbra wrote:
> Hi,
>
> I am using FreeBSD 4.5, totally updated by the last RELENG_4.
> Internal Interface: 10.2.7.89
> External Interface: 200.122.56.78
> I need to use the ipfw forward (NO NAT!!!), the packages cannot be changed, it
> has to maintain its original source!
> My active options in kernel are:
> options IPFIREWALL
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_FORWARD
> net.inet.ip.forwarding: 1
> Rules:
> su-2.05a #ipfw show
> 00100 20 1053 fwd 10.2.7.89,25 tcp from any to any 80
> 65535 20758 3155253 allow ip from any to any
>
> This works perfectly, because 10.2.7.89 is a local address!!
>
> But when I try with non-local addresses:
> su-2.05a #ipfw show
> 00100 20 1053 fwd 10.2.7.90,25 tcp from any to any 80
> 65535 20758 3155253 allow ip from any to any
>
> NOTHING WORKS!!
>
> PS: 10.2.7.90 is on the same network!
>
> Can anybody help me??
> There are days I don't get any answer!

RTFM,

    fwd ipaddr[,port]
        Change the next-hop on matching packets to ipaddr, which can be
        an IP address in dotted quad or a host name.
    ...
        If the IP is not a local address then the port number (if
        specified) is ignored

You cannot send packets to a different port on the remote machine.
Since we are not modifying the packets in any way, how can you tell
the remote machine to send the packet to a different port?
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
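
The fwd behaviour quoted in the reply above, as a simplified Python model (an added example, not part of the original message and not FreeBSD code). The client and server addresses are constructed, and the second host's own `fwd 127.0.0.1,25` rule used in the check is an assumption about how that machine could be configured.

```python
# Simplified model of ipfw "fwd" next-hop handling (illustration only).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class FwdRule:  # models: fwd ipaddr[,port] tcp from any to any match_dport
    match_dport: int
    ipaddr: str
    port: Optional[int] = None

@dataclass
class Host:
    name: str
    local_addrs: frozenset
    rule: Optional[FwdRule] = None

    def process(self, pkt):
        """Return (action, where, port). Packet headers are never rewritten."""
        r = self.rule
        if r and pkt.dport == r.match_dport:
            if r.ipaddr in self.local_addrs:
                # Local target: handed to a local socket, so the port is honoured.
                return ("deliver", self.name, r.port or pkt.dport)
            # Non-local target: only the next hop changes, the port is ignored.
            return ("next-hop", r.ipaddr, pkt.dport)
        if pkt.dst in self.local_addrs:
            return ("deliver", self.name, pkt.dport)
        return ("route", pkt.dst, pkt.dport)

def walk(pkt, first, hosts_by_addr):
    """Follow one packet until it is delivered or leaves the modelled hosts."""
    host = first
    for _ in range(8):  # hop limit for the model
        action, where, port = host.process(pkt)
        if action == "deliver":
            return (where, port)
        host = hosts_by_addr.get(where)
        if host is None:
            return ("left-model:" + where, port)
    return ("loop", pkt.dport)

if __name__ == "__main__":
    pkt = Packet("10.2.7.50", "198.51.100.10", 80)  # constructed client and server
    gw = Host("gw", frozenset({"10.2.7.89", "200.122.56.78"}), FwdRule(80, "10.2.7.90", 25))
    print(walk(pkt, gw, {"10.2.7.90": Host("proxy", frozenset({"10.2.7.90"}))}))
```

In the model, the packet reaches 10.2.7.90 still addressed to the original server on port 80, so it is only accepted on port 25 there if that host applies its own fwd rule to a local address.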