Date:      Wed, 28 Nov 2007 16:45:15 +0800
From:      "Sepherosa Ziehau" <sepherosa@gmail.com>
To:        "Sam Wun" <swun2010@gmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw forwarding doesn't work - for more than 2 months. --- please help
Message-ID:  <ea7b9c170711280045v76974a44u8a41733df91355d3@mail.gmail.com>
In-Reply-To: <736c47cb0711280021g2ad48ec2g7bdc0246f027c3b6@mail.gmail.com>
References:  <736c47cb0711271803o46dd89d8te49d5969fd358d15@mail.gmail.com> <ea7b9c170711271940m70bb41c2se39a15d3519b98f8@mail.gmail.com> <736c47cb0711272018k1e40b1b7v7edfa1d2b5d50891@mail.gmail.com> <ea7b9c170711272212x3c0faf9eg6b314669431a821b@mail.gmail.com> <736c47cb0711280021g2ad48ec2g7bdc0246f027c3b6@mail.gmail.com>

On Nov 28, 2007 4:21 PM, Sam Wun <swun2010@gmail.com> wrote:
> On Nov 28, 2007 5:12 PM, Sepherosa Ziehau <sepherosa@gmail.com> wrote:
> > On Nov 28, 2007 12:18 PM, Sam Wun <swun2010@gmail.com> wrote:
> > > I have read the manpages and freebsd handbook more than 20 times.
> >
> > Oh?  Then I think you must have read this in ipfw manpage:
> > ...
> > The fwd action does not change the contents of the packet at all.  In
> > particular, the destination address remains unmodified, so packets
> > forwarded to another system will usually be rejected by that system
> > unless there is a matching rule on that system to capture them.
> > ...
> >
> OK, I misread that. Does that mean I need to implement a rule in the
> internal web server?

IMHO, what you need is a divert rule and natd on 6, or try 7's ipfw
with the in-kernel NAT.

Best Regards,
sephe

> I think I just need to install rinet in this freebsd router for the
> port forwarding.
>
> Thanks
>
>
> > Best Regards,
> > sephe
> >
> >
> > >
> > >
> > >
> > > On Nov 28, 2007 2:40 PM, Sepherosa Ziehau <sepherosa@gmail.com> wrote:
> > > > On Nov 28, 2007 10:03 AM, Sam Wun <swun2010@gmail.com> wrote:
> > > > > Hi,
> > > > >
> > > > > I setup the following ipfw rules in freebsd 6.2:
> > > > > belmore# ipfw list
> > > > > 00001 allow udp from any to any dst-port 500
> > > > > 00001 allow esp from any to any
> > > > > 00001 allow esp from any to any
> > > > > 00001 allow ipencap from any to any
> > > > > 00001 allow ipencap from any to any
> > > > > 00020 fwd 192.168.1.222 ip from any to 220.233.24.213 dst-port 80 in
> > > >
> > > > I don't think this does the rdr you intended.  Please take a look at
> > > > ipfw manpage.
> > > >
> > > > Best Regards,
> > > > sephe
> > > >
> > > > > I don't know what is wrong that the freebsd server (6.2) can't
> > > > > redirect/forward http request to an internal server (web server -
> > > > > 192.168.1.222).
> > > > >
> > > > > Can anyone please give suggestion to modify this rules?
> > > > > Or can you please post your workable ipfw rules that achieved the same goal?
> > > > >
> > > > > Thanks
> > > > > S
> > > > > _______________________________________________
> > > > > freebsd-ipfw@freebsd.org mailing list
> > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > > > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Live Free or Die
> > > > _______________________________________________
> > > > freebsd-ipfw@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
> > > >
> > >
> >
> >
> >
> > --
> > Live Free or Die
> >
>



-- 
Live Free or Die
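
The two options named in the reply above (a divert rule with natd on 6.x, or ipfw's in-kernel NAT on 7.x), written out as configuration. This is an added example and not part of the original thread; the external interface name em0 and the file paths are assumptions, and the addresses are the ones from the quoted rule 00020.

```conf
# --- Option A: FreeBSD 6.x, divert rule + natd ---------------------------
# /etc/rc.conf  (kernel needs divert support: options IPDIVERT or ipdivert.ko)
gateway_enable="YES"               # forward packets between interfaces
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"    # assumed path; a file of ipfw commands
natd_enable="YES"
natd_interface="em0"               # assumption: em0 is the external interface
natd_flags="-f /etc/natd.conf"     # assumed path

# /etc/natd.conf
# Rewrite dst 220.233.24.213:80 -> 192.168.1.222:80 and keep state so the
# replies get their source rewritten back. Only TCP/80 is exposed.
redirect_port tcp 192.168.1.222:80 220.233.24.213:80

# /etc/ipfw.rules
# Replaces: 00020 fwd 192.168.1.222 ip from any to 220.233.24.213 dst-port 80 in
# (fwd only chooses the next hop; the destination address stays 220.233.24.213,
#  so the web server at 192.168.1.222 does not accept the packet as its own)
add 00020 divert natd ip from any to any via em0
# ...the rest of the ruleset must still permit the translated traffic...

# --- Option B: FreeBSD 7.x, ipfw in-kernel NAT ----------------------------
# /etc/ipfw.rules  (needs ipfw NAT support in the kernel; no natd process)
nat 1 config if em0 redirect_port tcp 192.168.1.222:80 80
add 00020 nat 1 ip from any to any via em0
```

Use one option, not both. With either, `ipfw show` should show the counters on rule 00020 increasing when a client connects to 220.233.24.213 port 80.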


