Date:      Mon, 29 Jan 2007 06:34:06 -0800
From:      Chris <cpratt@ptserv.net>
To:        freebsd-questions@freebsd.org
Subject:   ipfw fwd command
Message-ID:  <30CEBFA6-45A9-4D82-92D9-1795DA47A14D@ptserv.net>

I'm hooking up a second T1 to a FreeBSD 6.2 apache webserver.
Its use is to be extremely simplistic, having no NAT, no load balancing,
nor even failover capabilities. I'd like for packets entering on either
interface to leave on the interface they arrived on. From what I've
read, this can be done by:

1. Compile and install kernel with IPFIREWALL_FORWARD
2. ifconfig the new additional ethernet card
3. modify apache Listen
4. add security and forwarding statements to ipfw

The last step concerns me because ipfw's fwd command in man is
not really discussed in detail to determine that this is what it's for.
What I've read suggests that given:

x.y.z.1 = new T1 Router gateway, new ISP
x.y.z.2 = new IP for the server on new NIC
a.b.c.1 = existing T1 Router gateway, current ISP
a.b.c.2 = existing IP on the existing NIC (is defaultrouter)

I should be able to put in:

    ipfw add <nnnn> fwd x.y.z.1 ip from x.y.z.2 to any

The question is, will this actually allow packets arriving on the
interface with x.y.z.2 to return back out that interface without
impact to the existing configuration and routing?

If so, should this command appear early in the rule list or
following the security oriented rules for the new interface
(e.g., after allowing port 80 in and established connections
out)?

I'm not subscribed to the list so please do reply to me also.

Thank you,
Chris


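An added example of the ruleset that step 4 above describes, not code from the original post: it places the fwd rule from the message in a complete ipfw list and shows why it has to come before check-state. Interface names, rule numbers and the /24 mask of the new link are assumptions; the addresses follow the a.b.c / x.y.z placeholders in the message.

```shell
#!/bin/sh
# Added example, not from the original message: an ipfw ruleset for the
# two-uplink web server described above. The interface names, the /24 mask
# of the new link and the rule numbers are constructed assumptions; the
# addresses follow the a.b.c / x.y.z placeholders used in the message.
IPFW="${IPFW:-/sbin/ipfw}"
OLD_IF="em0"; OLD_IP="a.b.c.2"                     # existing T1, owns the default route
NEW_IF="em1"; NEW_IP="x.y.z.2"; NEW_GW="x.y.z.1"   # new T1, no default route
NEW_NET="x.y.z.0/24"                               # assumed mask of the new link

# Print the rules one per line, without the leading "ipfw", for review.
# Rule 150 is the policy-routing rule from the message. fwd is a terminating
# action, so it has to sit before check-state and before any other allow
# that would accept replies sourced from NEW_IP; otherwise those replies are
# accepted first and leave through the default gateway on OLD_IF. It is
# limited to the out direction, so inbound filtering for NEW_IF is not
# affected, and hosts on the new link's own subnet are excluded because they
# are reached directly rather than through the gateway.
rules() {
    cat <<EOF
flush
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 150 fwd ${NEW_GW} ip from ${NEW_IP} to not ${NEW_NET} out
add 200 check-state
add 300 allow tcp from any to ${OLD_IP} 80 in recv ${OLD_IF} setup keep-state
add 310 allow tcp from any to ${NEW_IP} 80 in recv ${NEW_IF} setup keep-state
add 400 allow ip from ${OLD_IP} to any out xmit ${OLD_IF} keep-state
add 410 allow ip from ${NEW_IP} to ${NEW_NET} out xmit ${NEW_IF} keep-state
add 500 allow icmp from any to any icmptypes 0,3,11
add 65000 deny log ip from any to any
EOF
}

# Load the rules one by one; set IPFW=echo to see exactly what would be run.
apply_rules() {
    rules | while read -r line; do
        if [ -n "$line" ]; then $IPFW -q $line; fi
    done
}

if [ "${1:-}" = "apply" ]; then apply_rules; else rules; fi
```

Run without arguments to print the ruleset for review; run with `apply` as root on the server to load it.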