Date:      Tue, 16 Jan 2007 10:21:33 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        Tony Holmes <tony@crosswinds.net>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Forwarding with Packet Rewriting
Message-ID:  <F08E2AB7-29EB-46AE-BF7B-C0FEBAA2D2C3@mac.com>
In-Reply-To: <20070116162113.GA29639@crosswinds.net>
References:  <20070116162113.GA29639@crosswinds.net>

On Jan 16, 2007, at 8:21 AM, Tony Holmes wrote:
> I have a FreeBSD 4.11 firewall with ipfw and divert/natd in it.
>
> All I want to do is rewrite packets destined to IP a.b.c.d 25 to
> IP a.b.c.e 25 and rewrite them on the way out. a.b.c.d and a.b.c.e
> are not on the local machines - but are on the local subnets.

If you are dealing with external connections to a.b.c.d which pass  
through the router running IPFW & natd, then you want to use the  
redirect_address directive (see "man natd").  If a.b.c isn't one of  
the RFC-1918 unroutable subnets, but a normal routable IP, you'll  
have to also toggle the unregistered_only option.

On the other hand, if you are trying to deal with subnet-local  
traffic which does not need to pass through the IPFW/natd router,  
then you'll either need to use ICMP redirects to indicate that  
traffic to the old IP should go to the new IP (if you are not using  
the old IP anymore and no machine will go there until you fix  
whatever uses the old IP to use the new IP instead).

If you have machines at both a.b.c.d & a.b.c.e *and* a.b.c.d is not  
running anything on port 25, you can use SSH port forwarding, netcat,  
or something like the plug-gw port forwarding mechanisms to forward  
the traffic over.  If you have machines at both a.b.c.d & a.b.c.e and  
both are listening on port 25, and the traffic is local, then I don't  
know of any solution short of changing the callers to use the new IP.

-- 
-Chuck
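
Added example, not part of the message above and not taken from the natd documentation: a natd.conf for the redirect_address case described in the first paragraph of the reply. The interface name fxp0 and the 192.0.2.x addresses are constructed placeholders (192.0.2.25 for a.b.c.d, 192.0.2.26 for a.b.c.e).

```conf
# /etc/natd.conf on the IPFW/natd router (constructed example)
# Assumed names: fxp0 is the interface natd works on; 192.0.2.25 stands
# in for a.b.c.d (old address) and 192.0.2.26 for a.b.c.e (new address).

interface fxp0

# Both addresses are routable rather than RFC 1918, so natd must not be
# limited to unregistered source addresses; with that limit on, replies
# from 192.0.2.26 would leave without being rewritten back to 192.0.2.25.
unregistered_only no

# redirect_address localIP publicIP
# Every packet addressed to 192.0.2.25 is rewritten to 192.0.2.26: all
# protocols and ports, not only TCP 25.
redirect_address 192.0.2.26 192.0.2.25

# Narrower alternative (natd's redirect_port, not mentioned in the
# message): rewrite only SMTP and leave other traffic to 192.0.2.25 alone.
#redirect_port tcp 192.0.2.26:25 192.0.2.25:25

# natd only sees packets that IPFW diverts to it, for example:
#   ipfw add 50 divert natd all from any to any via fxp0
```

Since redirect_address forwards everything sent to the old address, confirm that the new host's own filtering exposes only the services intended to be reachable that way.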



