Date: Tue, 13 Dec 2005 19:51:53 +0100 From: "OxY" <oxy@field.hu> To: <freebsd-hackers@freebsd.org> Subject: Re: ipfw forwarding Message-ID: <000e01c60016$48f84af0$0201a8c0@oxy> References: <001701c6000a$86eab700$0201a8c0@oxy> <20051213182039.GF77268@cirb503493.alcatel.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
both addresses are on the same box, just 2 public ips.. .28 is the jail, .204 is one of the hosts alias ----- Original Message ----- From: "Peter Jeremy" <PeterJeremy@optushome.com.au> To: "OxY" <oxy@field.hu> Cc: <freebsd-hackers@freebsd.org> Sent: Tuesday, December 13, 2005 7:20 PM Subject: Re: ipfw forwarding > On Tue, 2005-Dec-13 18:27:43 +0100, OxY wrote: >>i used this rule: >> >>$cmd 00316 fwd x.x.x.x.204,80 tcp from any to x.x.x.28 80 >> >>what's wrong with it? > > You don't mention what is happening or not happening (running tcpdump > and following packets as they go from system to system can be useful) > but there are two issues you may not have considered. > 1) Have you considered what will happen to packets being returned from > the server on .28 to the client? > 2) ipfw(8) states: > The fwd action does not change the contents of the packet at all. > In particular, the destination address remains unmodified, so > packets forwarded to another system will usually be rejected by > that system unless there is a matching rule on that system to > capture them. For packets forwarded locally, the local address > > -- > Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000e01c60016$48f84af0$0201a8c0>