Date:      Fri, 2 Aug 2002 23:09:19 +0000
From:      "D. Penev" <dpenev@mail.bg>
To:        Matt Abraham <mailing@novaconnect.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Unable to get "ipfw fwd" working
Message-ID:  <20020802230919.GA260@earth.dpsca.bg>
In-Reply-To: <web-44502@novaconnect.net>
References:  <web-44502@novaconnect.net>

On Wed, Jul 31, 2002 at 05:28:40PM -0400, Matt Abraham wrote:
>From: "Matt Abraham" <mailing@novaconnect.net>
>Subject: Unable to get "ipfw fwd" working
>To: freebsd-questions@freebsd.org
>Date: Wed, 31 Jul 2002 17:28:40 -0400
>
>Hi all,
>
>I am running into a problem using ipfw to do source-based
>routing. 
>
>I am trying to forward traffic from a private IP address
>(172.17.1.5) to a gateway (192.168.215.15) via ANOTHER
>gateway running Freebsd/ipfw (rl0:192.168.200.240 and
>vr0:192.168.215.240). Now, this packet has already gone
>through a Cisco router with policy-based routing in place,
>so no NAT'ing is done to the packet -- static routes are in
>place on the Freebsd box to send the response back via the
>Cisco router.
>
>So! On the Freebsd box, I've got the following ipfw rule in
>place:
>
>650 fwd 192.168.215.15 ip from 172.17.1.5 to any in recv rl0
>
>When I try to ping a public address, say A.B.C.D, on the
>other side of 192.168.215.15 (it's got a public address on
>its outside interface), I receive "Destination Host
>Unreachable," i.e. ICMP 3.1 packets coming from
>192.168.200.240. Now, if I add a static route:
>
>route add -host A.B.C.D 192.168.215.15
>
>...it works, but this sort of defeats the purpose of
>source-based routing :) Clearly, I'm doing something wrong.
>Any ideas??

# man ipfw
[snip]
fwd ipaddr[,port]
                     Change the next-hop on matching packets to ipaddr, which
                     can be an IP address in dotted quad or a host name.  If
                     ipaddr is not a directly-reachable address, the route as
                     found in the local routing table for that IP is used
                     instead.
[snip]

>
>Matt
>mailing@novaconnect.net
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

-- 
Regards,
D. Penev
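
The man page rule quoted above, as a simplified model (an added example, not part of the original message and not ipfw's own code). The interface addresses come from the post; the prefix lengths and the default gateway 192.168.200.1 are constructed assumptions, chosen to show how the `fwd` target stops being "directly reachable" when the connected network on vr0 does not cover it.

```python
import ipaddress

def resolve_fwd_next_hop(fwd_ip, interfaces, routes):
    """Simplified model of the man page rule for `fwd ipaddr`.

    interfaces: {ifname: "address/prefixlen"}
    routes:     [(destination CIDR, gateway IP)]
    Returns (next_hop, ifname, how).
    """
    target = ipaddress.ip_address(fwd_ip)
    connected = {name: ipaddress.ip_interface(addr).network
                 for name, addr in interfaces.items()}

    def on_link(ip):
        # Name of the interface whose connected network contains ip, if any.
        return next((n for n, net in connected.items() if ip in net), None)

    ifname = on_link(target)
    if ifname:
        return (str(target), ifname, "direct")

    # Not directly reachable: use the routing table entry for that IP
    # (longest matching prefix wins).
    matches = [(ipaddress.ip_network(dst), gw) for dst, gw in routes
               if target in ipaddress.ip_network(dst)]
    if not matches:
        return (None, None, "unreachable")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    gw = ipaddress.ip_address(gw)
    ifname = on_link(gw)
    if ifname is None:
        return (None, None, "unreachable")
    return (str(gw), ifname, "via-route")

# Interface addresses are from the post; prefix lengths and the default
# gateway 192.168.200.1 are constructed for illustration.
ROUTES = [("0.0.0.0/0", "192.168.200.1")]
WIDE = {"rl0": "192.168.200.240/24", "vr0": "192.168.215.240/24"}
NARROW = {"rl0": "192.168.200.240/24", "vr0": "192.168.215.240/28"}

if __name__ == "__main__":
    for label, ifs in (("vr0 /24", WIDE), ("vr0 /28", NARROW)):
        print(label, resolve_fwd_next_hop("192.168.215.15", ifs, ROUTES))
```

On the real host, the inputs to this check are the netmasks shown by `ifconfig` and the routing table shown by `netstat -rn`.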
