Date:      Fri, 11 Feb 2005 15:47:45 -0800 (PST)
From:      Kelly Yancey <>
To:        Chris Knipe <>
Subject:   Re: ipfw fwd
Message-ID:  <>
In-Reply-To: <004e01c50f56$ce47c020$>
References:  <001f01c50ec9$8801c580$> <004e01c50f56$ce47c020$>

On Thu, 10 Feb 2005, Chris Knipe wrote:

> >
> >  The ipfw(8) man page is a little vague with the phrasing "matching
> > rule on that system to capture them".  Normally systems don't process
> > packets locally that are not destined for it.  You can use tcpdump on
> > the remote box to verify for yourself that the fwd is working correctly
> > and that the remote box is receiving the packets.  The remote box just
> > doesn't know what to do with the packets it is receiving.
> I never even saw this before in the man page... I'll have to look a bit
> closer.  I did check prior to posting (sorry, I should have mentioned), no
> packets are picked up on the host that I forward to...
> Are there any other ways to accomplish this?? natd????  I want to try and
> stay away from natd, because if I do this with NATD, there's going to be
> a lot of other issues I need to fix as well.....

  Others have already covered the possible issues with receiving the
packets.  As for getting the remote host to accept the packets once it
receives them, you are faced with needing to rewrite the destination IP
address one way or another.  As you mention, natd should be able to do
this for you.  Another solution would be to forward to a local process
which proxies the traffic to the remote server, but then you have to ask
yourself whether that is better than just running whatever application
it is on the remote server on the firewall itself.

  Good luck,


Kelly Yancey  -  kbyanc@{,}  -
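
Added example, not part of the original message and not code from its author: a minimal local TCP relay of the kind the reply describes, where the firewall accepts the connection itself and opens a second connection to one fixed remote server. The addresses, ports, function names and the ipfw rule in the comment are constructed for illustration.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes one way until EOF or error, then half-close the far side."""
    try:
        while data := src.recv(65536):
            dst.sendall(data)
    except OSError:
        pass  # reset or idle timeout: fall through and half-close
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, upstream_addr, timeout=30.0):
    """Relay one accepted connection to the single configured upstream."""
    with client:
        try:
            upstream = socket.create_connection(upstream_addr, timeout=timeout)
        except OSError:
            return  # upstream unreachable: drop the client
        with upstream:
            client.settimeout(timeout)
            t = threading.Thread(target=pipe, args=(client, upstream), daemon=True)
            t.start()
            pipe(upstream, client)
            t.join()

def start_relay(listen_addr, upstream_addr):
    """Listen on listen_addr; return the listening socket."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=handle, args=(client, upstream_addr),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Constructed addresses: loopback listener, 192.0.2.10 (TEST-NET-1) as the remote server.
    # A constructed rule such as "ipfw add fwd 127.0.0.1,8080 tcp from any to any 80 in"
    # would hand matching connections to this listener.
    start_relay(("127.0.0.1", 8080), ("192.0.2.10", 80))
    threading.Event().wait()  # keep the main thread alive
```

The remote server sees every relayed connection as coming from the firewall's address, so source-IP logs and address-based access rules on that server no longer identify the real client. The upstream is fixed in code rather than taken from the client, which keeps the listener from acting as an open relay.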
