IPFW fwd to remote address

Ian FREISLICH if at hetzner.co.za
Mon Jul 12 00:27:26 PDT 2004


"Steve Bertrand" wrote:
> I am trying to set up a forward from one machine to another on a remote
> network across the Internet.
> 
> I want to receive requests on one box on port 8080 and simply forward them
> to a remote machine on the same port. I have tried the following rules, to
> no avail. I have IPFIREWALL_FORWARD in my kernel (4.10), and # ipfw show
> reports the hits to the rule.
> 
> # ipfw add 1000 fwd 216.209.x.x tcp from any to me 8080
> # ipfw add 1000 fwd 216.209.x.x,8080 tcp from any to me 8080
> # ipfw add 1000 fwd 216.209.x.x tcp from any to me 8080
> # ipfw add 1000 fwd 216.209.x.x,8080 from any to any 8080
> 
> I can not see the packets going back out of the machine, nor does ipfw log
> anything at the other end. # tcpdump at the remote end does not pick up
> any traffic.
> 
> Does this have something to do with the fact that I am going across the
> Internet, and it is trying to route the packets back to itself (I
> understand the dest does not get changed)? If so, how could I re-write the
> packets so they will get delivered?

I would imagine so.  From the manual page:

fwd | forward ipaddr[,port]
             Change the next-hop on matching packets to ipaddr, which can be
             an IP address in dotted quad format or a host name.  The search
             terminates if this rule matches.

The next hop must be on your local network, otherwise it isn't
really the next hop.  The next hop will route the packets forwarded
to it by this rule.

It sounds like you want to rewrite the destination address in the
packets.  Have a look at natd(8).  It may turn out to be more
complicated than you think because the source address from the other
side will be wrong for returning packets, so you'll have to rewrite
those as well.

What are you trying to achieve?

Ian

--
Ian Freislich
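
A simplified model of the point made in the reply above, added here as an illustration and not code from the thread or from ipfw/natd: it compares changing only the next hop with rewriting the destination, and with rewriting both destination and source. The addresses are constructed documentation addresses and the function and mode names are hypothetical.

```python
from dataclasses import dataclass, replace

# Constructed RFC 5737 documentation addresses, not the hosts in the thread.
CLIENT, BOX, REMOTE = "198.51.100.7", "192.0.2.1", "203.0.113.9"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def routed_to(pkt):
    """Routers beyond the box forward on the destination address alone."""
    return pkt.dst

def client_accepts(request, reply):
    """The client's TCP stack only matches a reply coming from the peer it dialled."""
    return reply.src == request.dst and reply.dst == request.src

def simulate(mode):
    """mode: 'fwd', 'dnat' or 'dnat+snat' (hypothetical labels for this model)."""
    request = Packet(CLIENT, BOX)
    if mode == "fwd":
        # fwd picks a next hop but leaves the header alone; REMOTE is not
        # on-link, so the next router sees dst=BOX.
        sent = request
    else:
        sent = replace(request, dst=REMOTE)        # rewrite destination
        if mode == "dnat+snat":
            sent = replace(sent, src=BOX)          # rewrite source as well
    if routed_to(sent) != REMOTE:
        return "never reaches remote"
    reply = Packet(src=REMOTE, dst=sent.src)       # remote answers whoever it saw
    if routed_to(reply) == BOX:
        # the box reverses both rewrites before passing the reply on
        reply = Packet(src=BOX, dst=CLIENT)
    return "connection works" if client_accepts(request, reply) else "reply rejected by client"

if __name__ == "__main__":
    for mode in ("fwd", "dnat", "dnat+snat"):
        print(f"{mode:10s} -> {simulate(mode)}")
```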

