From: "Sepherosa Ziehau"
To: "Sam Wun"
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 28 Nov 2007 16:45:15 +0800
Subject: Re: ipfw forwarding doesn't work - for more than 2 months. --- please help
List-Id: IPFW Technical Discussions

On Nov 28, 2007 4:21 PM, Sam Wun wrote:
> On Nov 28, 2007 5:12 PM, Sepherosa Ziehau wrote:
> > On Nov 28, 2007 12:18 PM, Sam Wun wrote:
> > > I have read the manpages and freebsd handbook more than 20 times.
> >
> > Oh? Then I think you must have read this in ipfw manpage:
> > ...
> > The fwd action does not change the contents of the packet at all. In
> > particular, the destination address remains unmodified, so packets
> > forwarded to another system will usually be rejected by that system
> > unless there is a matching rule on that system to capture them.
> > ...
> >
> OK, I misread that. Does that mean I need to implement a rule in the
> internal web server?

IMHO, what you need is a divert rule and natd on 6, or try 7's ipfw
with the in-kernel NAT.

Best Regards,
sephe

> I think I just need to install rinet in this freebsd router for the
> port forwarding.
>
> Thanks
>
> > Best Regards,
> > sephe
> >
> > >
> > > On Nov 28, 2007 2:40 PM, Sepherosa Ziehau wrote:
> > > > On Nov 28, 2007 10:03 AM, Sam Wun wrote:
> > > > > Hi,
> > > > >
> > > > > I set up the following ipfw rules in freebsd 6.2:
> > > > > belmore# ipfw list
> > > > > 00001 allow udp from any to any dst-port 500
> > > > > 00001 allow esp from any to any
> > > > > 00001 allow esp from any to any
> > > > > 00001 allow ipencap from any to any
> > > > > 00001 allow ipencap from any to any
> > > > > 00020 fwd 192.168.1.222 ip from any to 220.233.24.213 dst-port 80 in
> > > >
> > > > I don't think this does the rdr you intended. Please take a look at
> > > > ipfw manpage.
> > > >
> > > > Best Regards,
> > > > sephe
> > > >
> > > > > I don't know what is wrong that the freebsd server (6.2) can't
> > > > > redirect/forward http request to an internal server (web server -
> > > > > 192.168.1.222).
> > > > >
> > > > > Can anyone please give a suggestion to modify these rules?
> > > > > Or can you please post your workable ipfw rules that achieved the same goal?
> > > > >
> > > > > Thanks
> > > > > S
> > > > > _______________________________________________
> > > > > freebsd-ipfw@freebsd.org mailing list
> > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > > > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

--
Live Free or Die
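
Added illustration, not part of the thread and not FreeBSD code: a simplified Python model of why the fwd rule quoted above fails while a NAT port redirect (natd or in-kernel NAT, as the reply suggests) works. The client address 203.0.113.7 and all class and function names are constructed for the example.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "220.233.24.213"   # router's external address (from the thread)
WEB_SERVER = "192.168.1.222"   # internal web server (from the thread)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def host_accepts(pkt, local_addrs):
    """A host with no capture rule only accepts packets addressed to itself."""
    return pkt.dst in local_addrs

def router_fwd(pkt):
    """Model of 'fwd 192.168.1.222 ...': chooses the next hop, header untouched."""
    if pkt.dst == PUBLIC_IP and pkt.dport == 80:
        return WEB_SERVER, pkt
    return None, pkt

class RedirectNat:
    """Model of a port redirect: rewrites the destination and keeps state."""
    def __init__(self):
        self.state = {}  # (client ip, client port) -> original public dst

    def inbound(self, pkt):
        if pkt.dst == PUBLIC_IP and pkt.dport == 80:
            self.state[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
            return replace(pkt, dst=WEB_SERVER)
        return pkt

    def outbound(self, pkt):
        # Replies from the server must appear to come from the public address.
        orig = self.state.get((pkt.dst, pkt.dport))
        if orig and pkt.src == WEB_SERVER:
            return replace(pkt, src=orig[0], sport=orig[1])
        return pkt

def demo():
    syn = Packet("203.0.113.7", 40000, PUBLIC_IP, 80)  # constructed client
    next_hop, fwd_pkt = router_fwd(syn)
    fwd_ok = host_accepts(fwd_pkt, {WEB_SERVER})   # dst is still the public IP
    nat = RedirectNat()
    nat_ok = host_accepts(nat.inbound(syn), {WEB_SERVER})
    reply = nat.outbound(Packet(WEB_SERVER, 80, syn.src, syn.sport))
    return next_hop, fwd_ok, nat_ok, reply.src

if __name__ == "__main__":
    print(demo())
```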