From: Cristian Ursuleanu <cristi@debug.ro>
To: Thomas Wolf
cc: freebsd-ipfw@freebsd.org
Date: Mon, 20 Sep 2004 19:28:45 +0300 (EEST)
Subject: Re: ipfw & natd
Message-ID: <20040920192709.K29498@debug.ro>
In-Reply-To: <20040920084359.eei75hutjsgs88@.mailhost.wsf.at>
List-Id: IPFW Technical Discussions

from ipfw manual:

"divert port
    Divert packets that match this rule to the divert(4) socket bound to
    port port. The search terminates."
-----------------

On Mon, 20 Sep 2004, Thomas Wolf wrote:

> Cristian Ursuleanu schrieb:
>
> > Hi,
> >
> > I have a problem with ipfw:
> >
> >  (10.0.0.x)          (ed0)(10.0.0.1)(rl0)        (1.2.3.4)
> > --LAN----------------FreeBSD--------------ISP_1
> >                         |
> >                         |(rl1)
> >                         |
> >                         |                 (5.6.7.8)
> >                         |_________________ISP_2
> >
> > the default route is 1.2.3.4
> > ( $ route add -net 0.0.0.0 1.2.3.4 )
> >
> > I want to forward only port 80 from LAN to ISP_2.
> >
> > I do:
> > $ natd -p 8668 -interface rl0
> > $ natd -p 8669 -interface rl1
> >
> > $ ipfw add 500 fwd 5.6.7.8 tcp from 10.0.0.0/24 to any 80
> > $ ipfw add 1000 divert 8668 all from any to any rl0
> > $ ipfw add 2000 divert 8669 all from any to any rl1
> >
> > and it seems not to work.
> > 'tcpdump' on rl1 shows connections from 10.0.0.2.3122 > WEB_SERVER.80, and
> > it must be: 5.6.7.8 > WEB_SERVER.80
> >
> > the natd is missing.
> >
> > what is wrong?
>
> The 'fwd' action terminates the search through the ruleset, so
> your rule 2000 will never match on outgoing packets to :80.
> Try putting the 'fwd' statement after 2000 ('divert' re-injects
> packets at the next rule), something like this:
> add 2010 fwd 5.6.7.8 tcp from any to any 80 out recv ed0.
>
> Thomas
>
> --
> Thomas Wolf
> Wiener Software Fabrik
> Dubas u. Wolf GMBH
> 1050 Wien, Mittersteig 4
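The ordering point Thomas makes (a matching 'fwd' ends the rule search, whereas a packet written back by natd after a 'divert' re-enters the ruleset at the rule following the divert) can be seen in a small Python model. This is an added illustration, not code from this thread or from ipfw/natd itself. It models only rule-search order: the sample packet is simply assumed to be seen on rl1 (routing, the 'out recv ed0' qualifier, and real sockets are not modelled), the natd alias table is constructed from the two natd command lines above, and the web server address 203.0.113.10 is a placeholder standing in for WEB_SERVER.

```python
"""Toy model of ipfw rule search: 'fwd' terminates the search, while a
'divert' hands the packet to natd and the re-injected packet re-enters the
ruleset at the rule *after* the divert.  Routing and real interfaces are
not modelled; the sample packet is assumed to be seen on rl1."""
import ipaddress
from dataclasses import dataclass, field, replace
from typing import List, Optional


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    iface: str                      # interface a rule's interface match is checked against
    nexthop: Optional[str] = None   # set by a matching 'fwd'
    trace: List[str] = field(default_factory=list)  # rules that acted on the packet


@dataclass
class Rule:
    number: int
    action: str                     # "fwd", "divert" or "allow"
    arg: str                        # next hop for fwd, natd port for divert
    proto: str = "all"
    src_net: str = "any"
    dport: Optional[int] = None
    iface: Optional[str] = None


# Constructed natd instances: the address each divert port aliases to,
# mirroring 'natd -p 8668 -interface rl0' and 'natd -p 8669 -interface rl1'.
NATD_ALIAS = {8668: "1.2.3.4", 8669: "5.6.7.8"}


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.src_net != "any" and \
            ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src_net):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    return True


def run_ruleset(rules: List[Rule], pkt: Packet, start: int = 0) -> Packet:
    """Walk the rules in number order, beginning at the first rule >= start."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.number < start or not matches(rule, pkt):
            continue
        pkt.trace.append(f"{rule.number} {rule.action}")
        if rule.action == "fwd":
            pkt.nexthop = rule.arg
            return pkt                          # the search terminates here
        if rule.action == "divert":
            natd_port = int(rule.arg)
            # natd rewrites the source to its alias address and writes the
            # packet back; ipfw resumes the search at the next rule.
            nated = replace(pkt, src=NATD_ALIAS[natd_port])
            return run_ruleset(rules, nated, start=rule.number + 1)
        if rule.action == "allow":
            return pkt
    return pkt                                  # fell through to the default rule


# The ruleset from the original mail.
ORIGINAL = [
    Rule(500, "fwd", "5.6.7.8", proto="tcp", src_net="10.0.0.0/24", dport=80),
    Rule(1000, "divert", "8668", iface="rl0"),
    Rule(2000, "divert", "8669", iface="rl1"),
]

# Thomas's suggestion: the fwd placed after the divert on rl1.
REORDERED = [
    Rule(1000, "divert", "8668", iface="rl0"),
    Rule(2000, "divert", "8669", iface="rl1"),
    Rule(2010, "fwd", "5.6.7.8", proto="tcp", dport=80),
]


def sample_packet() -> Packet:
    # Constructed LAN client talking to a web server (placeholder address).
    return Packet("tcp", "10.0.0.2", "203.0.113.10", 80, iface="rl1")


def demo_original() -> Packet:
    return run_ruleset(ORIGINAL, sample_packet())


def demo_reordered() -> Packet:
    return run_ruleset(REORDERED, sample_packet())


if __name__ == "__main__":
    for name, demo in (("original", demo_original), ("reordered", demo_reordered)):
        p = demo()
        print(f"{name}: rules hit {p.trace}, source on the wire {p.src}")
```

With the original ordering the packet hits rule 500 only and leaves with its 10.0.0.2 source untouched, which is the tcpdump output in the first mail; with the fwd moved to 2010 the divert at 2000 runs first, the source becomes 5.6.7.8, and the re-injected packet then reaches the fwd.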