Date:      Sun, 24 Feb 2002 23:51:32 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Ivan Coimbra <ivan@sunline.com.br>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: IPFW really doesn't work with non-local adresses!!!
Message-ID:  <20020224235132.G83869@blossom.cjclark.org>
In-Reply-To: <000e01c1bcea$9ac5ada0$11cad5c8@mshome.net>; from ivan@sunline.com.br on Sun, Feb 24, 2002 at 01:20:32AM -0300
References:  <000e01c1bcea$9ac5ada0$11cad5c8@mshome.net>

On Sun, Feb 24, 2002 at 01:20:32AM -0300, Ivan Coimbra wrote:
> Hi,
> 
> I am using FreeBSD 4.5, totally updated by the last RELENG_4.
> Internal Interface: 10.2.7.89
> External Interface: 200.122.56.78
> I need to use the ipfw forward (NO NAT!!!), the packages cannot be changed, it
> has to maintain its original source!
> My active options in kernel are:
> options IPFIREWALL
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_FORWARD
> net.inet.ip.forwarding: 1
> Rules:
> su-2.05a #ipfw show
> 00100 20 1053 fwd 10.2.7.89,25 tcp from any to any 80
> 65535 20758 3155253 allow ip from any to any
> 
> This works perfectly, because 10.2.7.89 is a local address!!
> 
> But when I try with non-local addresses:
> su-2.05a #ipfw show
> 00100 20 1053 fwd 10.2.7.90,25 tcp from any to any 80
> 65535 20758 3155253 allow ip from any to any
> 
> NOTHING WORKS!!
> 
> PS: 10.2.7.90 is on the same network!
> 
> Can anybody help me??
> There are days I don't get any answer!

RTFM,

             fwd ipaddr[,port]
                     Change the next-hop on matching packets to ipaddr, which
                     can be an IP address in dotted quad or a host name.
                     ...
                                                 If the IP is not a local
                     address then the port number (if specified) is ignored

You cannot send packets to a different port on the remote
machine. Since we are not modifying the packets in any way, how can
you tell the remote machine to send the packet to a different port?
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
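
An added example, not part of the original message and not code from ipfw: a small Python check that reads `ipfw show` output and flags fwd rules whose port will be ignored because the next hop is not a local address, as the manual excerpt quoted above describes. The function name, the caller-supplied list of local addresses, and rule number 00200 in the sample are assumptions made for the illustration.

```python
import ipaddress
import re

# `ipfw show` line: rule number, packet count, byte count, then the rule body.
# Only numeric next hops are parsed, which is what the listings in the post show.
FWD_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+\d+\s+\d+\s+fwd\s+"
    r"(?P<addr>[\d.]+)(?:,(?P<port>\d+))?\s+(?P<match>.+)$"
)

def audit_fwd_rules(ipfw_show_output, local_addrs):
    """Return one finding per fwd rule found in `ipfw show` output.

    local_addrs: addresses configured on this host's own interfaces
    (assumption: the caller collects them, e.g. from ifconfig).
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    findings = []
    for line in ipfw_show_output.splitlines():
        m = FWD_RE.match(line)
        if not m:
            continue  # not a fwd rule
        addr = ipaddress.ip_address(m["addr"])
        port = int(m["port"]) if m["port"] else None
        is_local = addr in local
        findings.append({
            "rule": int(m["num"]),
            "next_hop": str(addr),
            "port": port,
            "local": is_local,
            # ipfw(8): for a non-local address the port is ignored.
            "port_ignored": port is not None and not is_local,
        })
    return findings

# Constructed sample: the two listings from the post merged into one ruleset;
# rule number 00200 is made up so both fwd rules can appear together.
SAMPLE = """\
00100 20 1053 fwd 10.2.7.89,25 tcp from any to any 80
00200 20 1053 fwd 10.2.7.90,25 tcp from any to any 80
65535 20758 3155253 allow ip from any to any
"""
LOCAL_ADDRS = ["10.2.7.89", "200.122.56.78"]  # interfaces named in the post

if __name__ == "__main__":
    for f in audit_fwd_rules(SAMPLE, LOCAL_ADDRS):
        if f["port_ignored"]:
            print(f"rule {f['rule']:05d}: port {f['port']} is ignored, "
                  f"{f['next_hop']} is not a local address")
```
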
