ipfw fwd [freebsd-ipfw Digest, Vol 98, Issue 3]
Yury Tarasievich
grog at grsu.by
Thu Feb 10 04:50:51 PST 2005
My quick guess would be:
1. you'll have to qualify packets re their in/out status.
2. also to check whether your firewall is of OPEN type (alias "accept by
default" == allows everything in 65535 or somewhere close)
--Yury
freebsd-ipfw-request at freebsd.org wrote:
> Message: 1
> Date: Wed, 9 Feb 2005 19:05:17 +0200
> From: "Chris Knipe" <savage at savage.za.org>
> Subject: ipfw fwd
> To: <freebsd-ipfw at freebsd.org>
> Message-ID: <001f01c50ec9$8801c580$0a01a8c0 at ops.cenergynetworks.com>
>
> Lo all,
>
> FreeBSD 4.11-STABLE, running ipfw2.
>
> root at wsmd-core02:/home/cknipe# ifconfig vlan1
> vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
>         inet 198.19.0.33 netmask 0xffffffe0 broadcast 198.19.0.63
>         ether 00:08:a1:7a:b1:44
>         media: Ethernet autoselect (100baseTX)
>         status: active
>         vlan: 200 parent interface: rl0
>
> ipfw2:
> 00400  0   0 allow tcp from 198.19.0.36 to any dst-port 80
> 00401 12 652 allow tcp from 198.19.0.35 to any dst-port 25
> 00402 13 668 fwd 198.19.0.36,3128 tcp from 198.19.0.32/27 to any dst-port 80
> 00403  2 120 fwd 198.19.0.35,25 tcp from 198.19.0.32/27 to any dst-port 25
>
>
> However, packets that are forwarded never connect to the destination where
> they are forwarded to. And yes, I did check the obvious, everything is up and
> running.... Is there some sysctl magic or something required to make this
> work? I can fwd without a problem to the SAME BOX, but I cannot seem to get
> it to work to fwd to remote machines. In case someone is wondering, this is
> for transparent proxy / smtp servers.