Message-ID: <420B56F6.2010702@grsu.by>
Date: Thu, 10 Feb 2005 14:43:34 +0200
From: Yury Tarasievich
To: freebsd-ipfw@freebsd.org
References: <20050210120056.4F7A316A4E9@hub.freebsd.org>
In-Reply-To: <20050210120056.4F7A316A4E9@hub.freebsd.org>
Subject: Re: ipfw fwd [freebsd-ipfw Digest, Vol 98, Issue 3]

My quick guess would be:

1. you'll have to qualify packets re their in/out status.
2. also to check whether your firewall is of OPEN type (alias "accept by default" == allows everything in 65535 or somewhere close)

--Yury

freebsd-ipfw-request@freebsd.org wrote:

> Message: 1
> Date: Wed, 9 Feb 2005 19:05:17 +0200
> From: "Chris Knipe"
> Subject: ipfw fwd
> To:
> Message-ID: <001f01c50ec9$8801c580$0a01a8c0@ops.cenergynetworks.com>
>
> Lo all,
>
> FreeBSD 4.11-STABLE, running ipfw2.
>
> root@wsmd-core02:/home/cknipe# ifconfig vlan1
> vlan1: flags=8843 mtu 1496
>         inet 198.19.0.33 netmask 0xffffffe0 broadcast 198.19.0.63
>         ether 00:08:a1:7a:b1:44
>         media: Ethernet autoselect (100baseTX)
>         status: active
>         vlan: 200 parent interface: rl0
>
> ipfw2:
> 00400  0   0 allow tcp from 198.19.0.36 to any dst-port 80
> 00401 12 652 allow tcp from 198.19.0.35 to any dst-port 25
> 00402 13 668 fwd 198.19.0.36,3128 tcp from 198.19.0.32/27 to any dst-port 80
> 00403  2 120 fwd 198.19.0.35,25 tcp from 198.19.0.32/27 to any dst-port 25
>
> However, packets that are forwarded never connect to the destination
> they are forwarded to. And yes, I did check the obvious, everything is up
> and running.... Is there some sysctl magic or something required to make
> this work? I can fwd without a problem to the SAME BOX, but I cannot seem
> to get it to work to fwd to remote machines. In case someone is wondering,
> this is for transparent proxy / smtp servers.