From: "Marcone Theisen"
To: "Tom Wuyts"
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 7 May 2008 18:55:26 -0300
Subject: Re: Redirect internal traffic (only port 80) to another link
List-Id: IPFW Technical Discussions

Hi Tom,

Thanks for the help, but it did not work with the procedures below.
The natd.conf file is OK; I restarted netstart and natd.

I think it may be the vlan. It works fine, I can ping the gateway. But can I route my internal traffic by vlan?
With the command "trafshow -i vlan2" anything I can see.

em0: flags=8843 mtu 1500
        options=b
        inet6 fe80::211:43ff:fefd:3ff6%em0 prefixlen 64 scopeid 0x1
        inet 10.40.4.1 netmask 0xffffff00 broadcast 10.40.4.255
        ether 00:11:43:fd:3f:f6
        media: Ethernet autoselect (1000baseTX )
        status: active
em1: flags=8843 mtu 1500
        options=b
        inet 10.10.18.3 netmask 0xffffff00 broadcast 10.10.18.255
        inet6 fe80::211:43ff:fefd:3ff7%em1 prefixlen 64 scopeid 0x2
        ether 00:11:43:fd:3f:f7
        media: Ethernet autoselect (1000baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
vlan2: flags=8843 mtu 1500
        inet6 fe80::211:43ff:fefd:3ff6%vlan2 prefixlen 64 duplicated scopeid 0x4
        inet 192.168.7.106 netmask 0xfffffff8 broadcast 192.168.7.111
        ether 00:11:43:fd:3f:f7
        media: Ethernet autoselect (1000baseTX )
        status: active
        vlan: 2 parent interface: em1

portal# ping 192.168.7.105
PING 192.168.7.105 (192.168.7.105): 56 data bytes
64 bytes from 192.168.7.105: icmp_seq=0 ttl=30 time=0.839 ms
64 bytes from 192.168.7.105: icmp_seq=1 ttl=30 time=0.763 ms

Is there any other alternative to test?

Thanks,
Marcone

2008/5/7 Tom Wuyts :

> set in your rc.conf next line
>
> natd_flags="-f /etc/natd.conf"
>
> and then add the file natd.conf in your etc/ folder
>
> interface em0 (if I'm not mistaken, I don't completely get your question)
> use_sockets yes
> dynamic yes
> redirect_port tcp 192.168.7.105:80 80
>
> this should send all packets arriving at port 80 from your 10.0.0.0 network to
> 192.168.7.105
>
> and then restart your network
> /etc/netstart restart
>
> if he complains about natd, while restarting your network, kill natd with
> "pkill natd" and then restart your network
>
> hope it helps,
>
> tom
>
> ------------------------------
> > Date: Tue, 6 May 2008 17:46:06 -0300
> > From: marconemlt@gmail.com
> > To: freebsd-ipfw@freebsd.org
> > Subject: Redirect internal traffic (only port 80) to another link
> >
> > Hi,
> >
> > I have 2 links, one em0 and other in vlan2 interface.
> > My default route is em0.
> >
> > The problem is:
> > I want to direct all internal Internet traffic (port 80) for the link in
> > vlan2 interface.
> > How to do it with the IPFW?
> >
> > Some information:
> >
> > Link em0 interface - 10.40.1.0
> > Internal network: em1 interface - 10.10.18.0
> > Link vlan2 interface - 192.168.7.0
> >
> > The vlan2 interface is on Trunk port in switch. It works.
> >
> > We have tried the following alternatives:
> >
> > I created another route:
> > Route ADD 192.168.7.107 192.168.7.105
> >
> > ipfw add 00019 divert from 8668 ip 10.10.18.0/24 to any 80 via vlan2
> > Traffic continued through dedicated link.
> >
> > ipfw add 00019 fwd 192.168.7.105 tcp from 10.10.18.0/24 to any 80
> > redirect the traffic on the link vlan2, but did not return anything.
> >
> > ipfw add 00019 divert from 8669 ip 10.10.18.0/24 to any 80 via vlan2
> > natd-s-m-n-vlan2 p 8669
> > Anything!
> >
> > All attempts without success.
> > Thus, how can I redirect my internal Internet traffic to the VLAN2 link
> > with IPFW?
> >
> > Thanks,
> > Marcone
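
Added example, not part of the thread and not code from either poster: one way to combine the divert and fwd rules tried above, on the assumption that the fwd-only attempt got no replies because packets left vlan2 still carrying their 10.10.18.0/24 source addresses. Addresses and interface names are the ones quoted in the thread; the rule numbers 1000-1020 and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Policy-route LAN web traffic out the vlan2 link with ipfw + natd.
# Rule numbers are assumed; they must sort before any existing divert
# rule that sends the same traffic to the natd instance serving em0.
LAN_NET="10.10.18.0/24"     # internal network behind em1
ALT_IF="vlan2"              # second uplink
ALT_ADDR="192.168.7.106"    # this host's address on vlan2
ALT_GW="192.168.7.105"      # next hop on the vlan2 link
NATD_PORT="8669"            # divert port for a natd dedicated to vlan2
DRY_RUN="${DRY_RUN:-1}"     # default: print the commands, do not run them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

policy_route_port80() {
    # Second natd bound to vlan2, so translated packets carry ALT_ADDR.
    run natd -s -m -n "$ALT_IF" -p "$NATD_PORT"
    # 1. Outbound LAN web traffic: rewrite the source to ALT_ADDR.
    run ipfw add 1000 divert "$NATD_PORT" tcp from "$LAN_NET" to any 80 out
    # 2. The re-injected packet resumes at the next rule: override the
    #    default route. (Older FreeBSD kernels need
    #    "options IPFIREWALL_FORWARD" for fwd to work.)
    run ipfw add 1010 fwd "$ALT_GW" tcp from "$ALT_ADDR" to any 80 out
    # 3. Replies arriving on vlan2 go back through the same natd, which
    #    restores the original LAN destination address.
    run ipfw add 1020 divert "$NATD_PORT" tcp from any 80 to "$ALT_ADDR" in recv "$ALT_IF"
}

policy_route_port80
```

Run as-is to review the four commands; set DRY_RUN=0 as root to apply them. The existing ruleset still has to permit the translated traffic.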