Date:      Thu, 10 Feb 2005 14:43:34 +0200
From:      Yury Tarasievich <grog@grsu.by>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw fwd [freebsd-ipfw Digest, Vol 98, Issue 3]
Message-ID:  <420B56F6.2010702@grsu.by>
In-Reply-To: <20050210120056.4F7A316A4E9@hub.freebsd.org>
References:  <20050210120056.4F7A316A4E9@hub.freebsd.org>

My quick guess would be:
1. you'll have to qualify packets re their in/out status.
2. also to check whether your firewall is of OPEN type (alias "accept by 
default" == allows everything in 65535 or somewhere close)

--Yury

freebsd-ipfw-request@freebsd.org wrote:

> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 9 Feb 2005 19:05:17 +0200
> From: "Chris Knipe" <savage@savage.za.org>
> Subject: ipfw fwd
> To: <freebsd-ipfw@freebsd.org>
> Message-ID: <001f01c50ec9$8801c580$0a01a8c0@ops.cenergynetworks.com>
> Content-Type: text/plain;	format=flowed;	charset="iso-8859-1";
> 	reply-type=original
> 
> Lo all,
> 
> FreeBSD 4.11-STABLE, running ipfw2.
> 
> root@wsmd-core02:/home/cknipe# ifconfig vlan1
> vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
>         inet 198.19.0.33 netmask 0xffffffe0 broadcast 198.19.0.63
>         ether 00:08:a1:7a:b1:44
>         media: Ethernet autoselect (100baseTX)
>         status: active
>         vlan: 200 parent interface: rl0
> 
> ipfw2:
> 00400       0         0 allow tcp from 198.19.0.36 to any dst-port 80
> 00401      12       652 allow tcp from 198.19.0.35 to any dst-port 25
> 00402      13       668 fwd 198.19.0.36,3128 tcp from 198.19.0.32/27 to any dst-port 80
> 00403       2       120 fwd 198.19.0.35,25 tcp from 198.19.0.32/27 to any dst-port 25
> 
> 
> However, packets that are forwarded never connect to the destination where 
> they are forwarded to.  And yes, I did check the obvious, everything is up and 
> running....   Is there some sysctl magic or something required to make this 
> work?  I can fwd without a problem to the SAME BOX, but I cannot seem to get 
> it to work to fwd to remote machines.  In case someone is wondering, this is 
> for transparent proxy / smtp servers.
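
A small check for the two points raised in this reply, as an added example that is not part of either poster's message: it parses `ipfw show`-style output, lists `fwd` rules that carry no `in`/`out` option, and reports whether rule 65535 is an allow rule. The listing is constructed from the rules quoted above; the 65535 line and its counters are assumed, and the function names are hypothetical.

```python
import re

# Constructed sample in `ipfw show` layout (rule number, packets, bytes, rule).
# Rules 400-403 are the ones quoted in the thread; rule 65535 is an assumption.
SAMPLE = """\
00400   0    0 allow tcp from 198.19.0.36 to any dst-port 80
00401  12  652 allow tcp from 198.19.0.35 to any dst-port 25
00402  13  668 fwd 198.19.0.36,3128 tcp from 198.19.0.32/27 to any dst-port 80
00403   2  120 fwd 198.19.0.35,25 tcp from 198.19.0.32/27 to any dst-port 25
65535 100 9000 allow ip from any to any
"""

RULE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")
FWD_ACTIONS = {"fwd", "forward"}
ALLOW_ACTIONS = {"allow", "accept", "pass", "permit"}
DIRECTION = {"in", "out"}  # ipfw options that match packet direction


def parse(listing):
    """Turn each listing line into a dict; lines that do not match are skipped."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if m:
            num, pkts, _nbytes, action, rest = m.groups()
            rules.append({"num": int(num), "pkts": int(pkts),
                          "action": action, "body": rest.split()})
    return rules


def audit(listing):
    """Return (rule number, finding) pairs for the two checks from the reply."""
    rules = parse(listing)
    findings = []
    for r in rules:
        # Point 1: a fwd rule with neither `in` nor `out` matches both directions.
        if r["action"] in FWD_ACTIONS and not DIRECTION & set(r["body"]):
            findings.append((r["num"], "fwd rule has no in/out qualifier"))
    # Point 2: the action of the default rule decides OPEN vs. closed.
    default = next((r for r in rules if r["num"] == 65535), None)
    if default is None:
        findings.append((65535, "default rule missing from listing"))
    elif default["action"] in ALLOW_ACTIONS:
        findings.append((65535, "default rule is allow (OPEN type)"))
    return findings


if __name__ == "__main__":
    for num, msg in audit(SAMPLE):
        print(f"{num:05d}: {msg}")
```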


