Date:      Wed, 16 Apr 2003 17:20:31 -0700
From:      Darren Pilgrim <>
To:        <>
Subject:   Re: IPFW/NATD: Client behind firewall connecting to server behind firewall AS IF it were really EXTERNAL
Message-ID:  <>
In-Reply-To: <000001c30470$f9d63840$3401a8c0@neptune>
References:  <> <000001c30470$f9d63840$3401a8c0@neptune>

"C_Ahlers" <> wrote:

>Am I missing something?
>If I do:
>ipfw add divert natd all from any to any via $oif
>ipfw add fwd b.b.b.100,80 tcp from b.b.b.0/24 to a.a.a.15 80 in via $iif
>And say, client b.b.b.57 attempts to connect to a.a.a.15:80 - the
>forward rule will send out AS IS to b.b.b.100:80 on the internal
>1) No NAT will occur because NAT is setup only on external interface


>2) The packet's dest ipaddr is not changed: it is still a.a.a.15, and
>will not be routed to anything on b.b.b.0/24

The forwarding behaviour is explained in ipfw(8).

>Do I need to NAT on $iif as well?

Probably, unless you don't need the webserver to answer from the address the
client expects it to.
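
Added example, not part of the original message and not ipfw or natd code: a small Python model of the packet walk discussed above, comparing the `fwd` rule alone, a destination rewrite alone, and rewriting both addresses on $iif. The gateway's internal address `b.b.b.1`, the mode names and the function names are assumptions, and the server is assumed to own only b.b.b.100.

```python
# Toy model of the packet walk; not ipfw or natd code.
# Addresses are the thread's placeholders; GW_IN is an assumed gateway address.
CLIENT, SERVER, PUBLIC, GW_IN = "b.b.b.57", "b.b.b.100", "a.a.a.15", "b.b.b.1"

def gateway_in(pkt, mode):
    """Handle the client's packet arriving on $iif; returns (src, dst)."""
    src, dst = pkt
    if mode == "fwd":        # next hop becomes SERVER, header left as is
        return (src, dst)
    if mode == "dnat":       # only the destination is rewritten
        return (src, SERVER)
    if mode == "dnat+snat":  # destination and source are both rewritten
        return (GW_IN, SERVER)
    raise ValueError(f"unknown mode: {mode}")

def server_reply(pkt):
    """Assumed: the server answers only packets addressed to b.b.b.100."""
    src, dst = pkt
    return (SERVER, src) if dst == SERVER else None

def gateway_out(pkt):
    """Reverse both translations for a reply sent back to the gateway."""
    return (PUBLIC, CLIENT) if pkt == (SERVER, GW_IN) else pkt

def connect(mode):
    """Return the outcome of b.b.b.57 opening a.a.a.15:80 under `mode`."""
    delivered = gateway_in((CLIENT, PUBLIC), mode)
    reply = server_reply(delivered)
    if reply is None:
        return f"server drops: dst {delivered[1]} is not its address"
    # A reply addressed to the client goes out on-link and skips the gateway;
    # only a reply addressed to GW_IN passes back through the translation.
    if reply[1] == GW_IN:
        reply = gateway_out(reply)
    if reply[0] != PUBLIC:
        return f"client drops: reply from {reply[0]}, expected {PUBLIC}"
    return "connected"

if __name__ == "__main__":
    for mode in ("fwd", "dnat", "dnat+snat"):
        print(f"{mode:10} -> {connect(mode)}")
```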
