Date: Tue, 23 Jan 2018 11:26:19 -0700
From: Alan Somers <asomers@freebsd.org>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: FreeBSD Net <freebsd-net@freebsd.org>, Kristof Provost <kp@freebsd.org>
Subject: Re: pf: redirect a packet's port but not its address?
Message-ID: <CAOtMX2i3ZPM8TjHQvSj6tSjjDCEQhD2jqJkb6jZCMh3VjK_nUg@mail.gmail.com>
In-Reply-To: <759792be-189f-bdaf-04c9-b01d26fa9e00@yandex.ru>
References: <CAOtMX2j80odQ7%2Bt3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com> <a4eef32f-0446-43d7-3291-8034423122f0@yandex.ru> <CAOtMX2jroiz57KyQZUk%2B4aW4=_1m=Qs7wEP=_3pEVL%2BE2jg22A@mail.gmail.com> <759792be-189f-bdaf-04c9-b01d26fa9e00@yandex.ru>
On Tue, Jan 23, 2018 at 10:39 AM, Andrey V. Elsukov <bu7cher@yandex.ru> wrote:
> On 23.01.2018 19:17, Alan Somers wrote:
> >>> Unfortunately, pf currently lacks this capability. But it looks like it
> >>> could be added without breaking existing pf.conf syntax. Would this be a
> >>> good idea?
> >>>
> >>> I don't use ipfw, but from reading the man page I believe that it has the
> >>> same problem.
> >>
> >> I think ipfw should work with such a configuration using the "fwd" action,
> >> since TCP/UDP has special handling for this.
> >
> > The man page says that the fwd directive always takes an IP address. What
> > I need is a way to forward the port without changing the IP address. Is
> > that possible in ipfw?
>
> The "fwd" rule changes neither the IP address nor the port. It uses some
> magic with PCB lookup in the TCP/UDP code.
> Just tried this:
>
> # ipfw add fwd ::1,5678 tcp from any to any 4000
> # nc -6 -l ::1 5678
>
> And from another host tried:
> # telnet -6 fc00::1 4000
>
> And this works.
>

This does not work for me. When I try, tcpdump shows that the host running
ipfw returns an RST packet when it receives a SYN for port 4000. That sounds
like the fwd rule isn't working. And it's probably not working because I'm a
total ipfw n00b. Is there anything else I need to configure in ipfw first?
My rc.conf file looks like:

firewall_enable="YES"
firewall_type="open"