Date:      Sat, 25 Nov 2000 14:47:23 -0800
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        "John W. De Boskey" <jwd@FreeBSD.ORG>
Cc:        Questions List <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ipfw fwd vs. natd redirect
Message-ID:  <20001125144723.A12190@149.211.6.64.reflexcom.com>
In-Reply-To: <20001125070210.A38070@FreeBSD.org>; from jwd@FreeBSD.ORG on Sat, Nov 25, 2000 at 07:02:10AM -0800
References:  <20001125070210.A38070@FreeBSD.org>

On Sat, Nov 25, 2000 at 07:02:10AM -0800, John W. De Boskey wrote:
> Hi,
> 
>    I'm looking at two variations to forward mail and web
> services from the firewall to the appropriate server
> hosts.
> 
>    Using natd and redirect, I have this working. However, I
> also want to see what the comparable setup using ipfw is.
> Unfortunately, I am unable to get this working. I have
> the following rule in place:
> 
> ${fwcmd} add fwd ${mailip},25 log tcp from any to ${oip} 25

This rule does not make a lot of sense. Including a port number on a
fwd to an external machine is meaningless.

> which produces the following log msg:
> 
> ipfw: 1400 Forward to ${mailip}:25 TCP remothost:1587 firewallip:25 in via fxp0

Hmmm... It should not be doing this from how I understand fwd,

ipfw(8):
             fwd ipaddr[,port]
                     ...                     ... If the IP is not a local ad-
                     dress then the port number (if specified) is ignored and
                     the rule only applies to packets leaving the system.


> a split second later, I get:
> 
> ipfw: 1500 Divert 8668 TCP firewallip:25 remotehost:1587 out via fxp0
> 
> 
>    Could someone (if anyone) who is using 'ipfw fwd' please send me
> an example where this is working?

I don't think you want to be using fwd. Remember, fwd DOES NOT ALTER
THE CONTENTS OF THE PACKET. fwd DOES NOT DO NAT. fwd only changes
where the packet is sent to next.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
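
An added illustration, not part of the original message: a small Python model of the point above, that fwd only picks the next hop while a NAT redirect rewrites the destination and tracks the flow so the reply can be rewritten back. The addresses are constructed stand-ins for ${oip} and ${mailip}, and all class and function names are hypothetical; this models packet handling, it is not ipfw or natd code.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed addresses standing in for ${oip}, ${mailip} and the remote host.
OIP, MAILIP, CLIENT = "203.0.113.1", "192.168.1.25", "198.51.100.7"

def ipfw_fwd(pkt, next_hop):
    """Model of fwd: choose where the packet goes next, leave it untouched."""
    return next_hop, pkt

class Redirect:
    """Model of a NAT port redirect: rewrite the destination and keep state."""
    def __init__(self, public_ip, port, target_ip):
        self.public_ip, self.port, self.target_ip = public_ip, port, target_ip
        self.flows = set()

    def inbound(self, pkt):
        if (pkt.dst, pkt.dport) != (self.public_ip, self.port):
            return None, pkt                      # not ours, no rewrite
        self.flows.add((pkt.src, pkt.sport))      # remember the client side
        return self.target_ip, replace(pkt, dst=self.target_ip)

    def outbound(self, pkt):
        # Reply from the server: restore the address the client connected to.
        known = (pkt.dst, pkt.dport) in self.flows
        if known and (pkt.src, pkt.sport) == (self.target_ip, self.port):
            return replace(pkt, src=self.public_ip)
        return pkt

def host_accepts(host_ip, pkt):
    """A non-routing host only accepts packets addressed to one of its own IPs."""
    return host_ip is not None and pkt.dst == host_ip

def demo():
    syn = Packet(CLIENT, 1587, OIP, 25)
    hop, fwd_pkt = ipfw_fwd(syn, MAILIP)          # dst is still OIP on arrival
    nat = Redirect(OIP, 25, MAILIP)
    hop2, nat_pkt = nat.inbound(syn)              # dst rewritten to MAILIP
    reply = nat.outbound(Packet(MAILIP, 25, CLIENT, 1587))
    return host_accepts(hop, fwd_pkt), host_accepts(hop2, nat_pkt), reply.src

if __name__ == "__main__":
    print(demo())
```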