Forwarding with Packet Rewriting
cswiger at mac.com
Tue Jan 16 19:26:48 UTC 2007
On Jan 16, 2007, at 8:21 AM, Tony Holmes wrote:
> I have a freebsd 4.11 firewall with ipfw and divert/natd in it.
> All I want to do is rewrite packets destined to IP a.b.c.d 25 to
> IP a.b.c.e 25 and rewrite them on the way out. a.b.c.d and a.b.c.e
> are not on the local machines - but are on the local subnets.
If you are dealing with external connections to a.b.c.d which pass
through the router running IPFW & natd, then you want to use the
redirect_address directive (see "man natd"). If a.b.c isn't one of
the RFC-1918 unroutable subnets, but a normal routable IP, you'll
have to also toggle the unregistered_only option.
On the other hand, if you are trying to deal with subnet-local
traffic which does not need to pass through the IPFW/natd router,
then you'll either need to use ICMP redirects to indicate that
traffic to the old IP should go to the new IP (if you are not using
the old IP anymore and no machine will go there until you fix
whatever uses the old IP to use the new IP instead).
If you have machines at both a.b.c.d & a.b.c.e *and* a.b.c.d is not
running anything on port 25, you can use SSH port forwarding, netcat,
or something like the plug-gw port forwarding mechanisms to forward
the traffic over. If you have machines at both a.b.c.d & a.b.c.e and
both are listening on port 25, and the traffic is local, then I don't
know of any solution short of changing the callers to use the new IP.
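As an added example, not code from the thread or from the FreeBSD project, here are the natd.conf and ipfw rules for the first case the reply describes, external connections to a.b.c.d that pass through the IPFW/natd router. The addresses, the interface name and the rule numbers are constructed placeholders; the commented redirect_port line is a per-port alternative that goes beyond what the reply mentions.

```shell
#!/bin/sh
# Added example: natd static redirect for traffic to the old address that
# crosses the IPFW/natd router. Placeholders (constructed, not from the thread):
#   a.b.c.d -> 203.0.113.4 (old address clients still use)
#   a.b.c.e -> 203.0.113.5 (host that should receive the traffic)
OLD_IP=203.0.113.4
NEW_IP=203.0.113.5
EXT_IF=fxp0   # assumed outside interface of the router

# natd.conf contents. redirect_address is whole-address static NAT: inbound
# packets for $OLD_IP are rewritten to $NEW_IP and replies from $NEW_IP are
# rewritten back to $OLD_IP on the way out (every port, not only 25).
# unregistered_only is switched off explicitly because 203.0.113.x is not
# RFC 1918 space; with it on, natd would not touch the routable source
# address of $NEW_IP's replies and the rewrite would only work one way.
natd_conf() {
    cat <<EOF
interface $EXT_IF
unregistered_only no
redirect_address $NEW_IP $OLD_IP
# per-port variant instead of the line above (only port 25 is redirected):
# redirect_port tcp $NEW_IP:25 $OLD_IP:25
EOF
}

# ipfw rules: the divert rule must come before any allow rule so that both
# directions of the flow reach natd; later rules see the rewritten packet.
ipfw_rules() {
    cat <<EOF
ipfw add 100 divert natd ip from any to any via $EXT_IF
ipfw add 200 allow tcp from any to $NEW_IP 25 setup
ipfw add 300 allow tcp from any to any established
EOF
}

# Apply only when asked (root on the FreeBSD router); otherwise print what
# would be written so the configuration can be reviewed first.
if [ "$1" = apply ]; then
    natd_conf > /etc/natd.conf
    natd -f /etc/natd.conf
    ipfw_rules | sh
    ipfw show
else
    natd_conf
    ipfw_rules
fi
```

Check with `ipfw show` that the divert rule's counters increase for both the inbound SYN and the reply; if only one direction counts, the traffic is not crossing the router and this is the subnet-local case from the reply.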