ipfw forwarding

OxY oxy at field.hu
Tue Dec 13 10:52:08 PST 2005


Both addresses are on the same box, just 2 public IPs.
.28 is the jail, .204 is one of the host's aliases.

----- Original Message ----- 
From: "Peter Jeremy" <PeterJeremy at optushome.com.au>
To: "OxY" <oxy at field.hu>
Cc: <freebsd-hackers at freebsd.org>
Sent: Tuesday, December 13, 2005 7:20 PM
Subject: Re: ipfw forwarding


> On Tue, 2005-Dec-13 18:27:43 +0100, OxY wrote:
>>I used this rule:
>>
>>$cmd 00316 fwd x.x.x.x.204,80 tcp from any to x.x.x.28 80
>>
>>what's wrong with it?
> 
> You don't mention what is happening or not happening (running tcpdump
> and following packets as they go from system to system can be useful)
> but there are two issues you may not have considered.
> 1) Have you considered what will happen to packets being returned from
>   the server on .28 to the client?
> 2) ipfw(8) states:
>      The fwd action does not change the contents of the packet at all.
>      In particular, the destination address remains unmodified, so
>      packets forwarded to another system will usually be rejected by
>      that system unless there is a matching rule on that system to
>      capture them.  For packets forwarded locally, the local address
> 
> -- 
> Peter Jeremy

