Date: Fri, 29 Dec 2006 16:20:09 GMT From: Timofej Dod <hidden@4you.lt> To: freebsd-bugs@FreeBSD.org Subject: Re[2]: kern/107305: ipfw fwd doesn't seem to work Message-ID: <200612291620.kBTGK9e9040842@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/107305; it has been noted by GNATS. From: Timofej Dod <hidden@4you.lt> To: Remko Lodder <remko@elvandar.org> Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re[2]: kern/107305: ipfw fwd doesn't seem to work Date: Fri, 29 Dec 2006 17:45:34 +0200 Hi, The machine is a router. # sysctl net.inet.ip.forwarding net.inet.ip.forwarding: 1 It is set to 1 and it doesn't help. In fact: # cat /etc/ipnat.rules rdr em0 from 212.59.27.249/32 to 0.0.0.0/0 port = 80 -> 212.59.27.254 port 80 tcp this works fine but i don't need it ip based I have a dummynet shaping there and I want all packets that are not assigned anywhere (i.e. blocked clients) to get redirected to our webserver so they can be notified that they are blocked. ------------------- RL> On Fri, Dec 29, 2006 at 03:00:27AM +0000, Timofej Dod wrote: >> >> Trying to set up transparent proxy, have a rule: >> >> fwd 212.59.27.254,1031 log logamount 100 tcp from any to any dst-port 80 >> >> # ifconfig >> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 >> options=b<RXCSUM,TXCSUM,VLAN_MTU> >> inet 212.59.27.254 netmask 0xffffff00 broadcast 212.59.27.255 >> inet 212.59.27.252 netmask 0xffffff00 broadcast 212.59.27.255 >> ether 00:30:48:70:bd:d2 >> media: Ethernet autoselect (100baseTX <full-duplex>) >> status: active >> >> netcat not showing anything but there are lines in /var/log/security: >> >> # nc -l 212.59.27.254 1031 >> >> kernel: ipfw: 999 Forward to 212.59.27.254:1031 TCP 212.59.27.249:60399 64.233.183.147:80 in via em0 >> RL> So is your machine actually configured to forward packets at all? RL> use ``sysctl net.inet.ip.forwarding'', if that is 0 please change it to RL> 1 by doing the following: ``sysctl net.inet.ip.forwarding=1''. If this RL> works please dont forget to configure the option in /etc/sysctl.conf RL> Let me know what this does please. -- Timofej Dod
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612291620.kBTGK9e9040842>