From: "Chris Knipe"
Reply-To: Chris Knipe
Date: Wed, 9 Feb 2005 19:05:17 +0200
Message-ID: <001f01c50ec9$8801c580$0a01a8c0@ops.cenergynetworks.com>
Subject: ipfw fwd
List-Id: IPFW Technical Discussions

Lo all,

FreeBSD 4.11-STABLE, running ipfw2.

    root@wsmd-core02:/home/cknipe# ifconfig vlan1
    vlan1: flags=8843 mtu 1496
            inet 198.19.0.33 netmask 0xffffffe0 broadcast 198.19.0.63
            ether 00:08:a1:7a:b1:44
            media: Ethernet autoselect (100baseTX)
            status: active
            vlan: 200 parent interface: rl0

ipfw2:

    00400  0   0 allow tcp from 198.19.0.36 to any dst-port 80
    00401 12 652 allow tcp from 198.19.0.35 to any dst-port 25
    00402 13 668 fwd 198.19.0.36,3128 tcp from 198.19.0.32/27 to any dst-port 80
    00403  2 120 fwd 198.19.0.35,25 tcp from 198.19.0.32/27 to any dst-port 25

However, packets that are forwarded never connect to the destination they are forwarded to. And yes, I did check the obvious, everything is up and running....

Is there some sysctl magic or something required to make this work? I can fwd without a problem to the SAME BOX, but I cannot seem to get it to work to fwd to remote machines.

In case someone is wondering, this is for transparent proxy / SMTP servers.

--
Chris.
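
Added example (not part of the original message): ipfw(8) documents that fwd only changes the next hop, leaves the packet's destination address unmodified, and ignores the port when the target is not a local address. This sh/awk script flags such rules in `ipfw show` output; the function names, the local-address list and rule 00404 are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: classify ipfw "fwd" rules by whether the next hop is local.
# $1 = space-separated addresses configured on this host; rules on stdin.
audit_fwd() {
    awk -v locals="$1" '
    BEGIN {
        n = split(locals, a, " ")
        for (i = 1; i <= n; i++) is_local[a[i]] = 1
    }
    {
        # Locate the fwd keyword; "ipfw show" prints two counters before
        # the action, "ipfw list" prints none, so do not assume a position.
        for (i = 2; i < NF; i++) if ($i == "fwd") break
        if (i >= NF) next                 # not a fwd rule
        split($(i + 1), t, ",")           # t[1] = next hop, t[2] = port
        if (t[1] in is_local)
            printf "%s LOCAL %s\n", $1, $(i + 1)
        else
            printf "%s REMOTE %s%s\n", $1, t[1], (t[2] != "" ? " port-ignored:" t[2] : "")
    }'
}

# Rules 00400-00403 are from the message; 00404 is constructed for contrast.
sample_rules() {
    cat <<'EOF'
00400 0 0 allow tcp from 198.19.0.36 to any dst-port 80
00401 12 652 allow tcp from 198.19.0.35 to any dst-port 25
00402 13 668 fwd 198.19.0.36,3128 tcp from 198.19.0.32/27 to any dst-port 80
00403 2 120 fwd 198.19.0.35,25 tcp from 198.19.0.32/27 to any dst-port 25
00404 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
EOF
}

# 198.19.0.33 is the vlan1 address from the message; 127.0.0.1 is assumed.
sample_rules | audit_fwd "127.0.0.1 198.19.0.33"
```

Each REMOTE line means the listed host receives the packet with its original destination address, so that host needs a matching rule of its own to capture it, typically a local fwd rule such as `fwd 127.0.0.1,3128` on the proxy.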