IPFW + Portforwarding
Sergey Matveychuk
sem at FreeBSD.org
Tue Oct 21 11:29:50 UTC 2008
John Hay wrote:
> On Tue, Oct 21, 2008 at 08:47:12AM +0400, Roman Kurakin wrote:
>> John Hay wrote:
>>> On Mon, Oct 20, 2008 at 11:19:22PM +0200, Leander S. wrote:
>>> You have to catch it where it is going out and not in. Fwd only works
>>> when packets are out bound.
>>>
>> But how this works for me?
>>
>> ipfw fwd 192.168.0.4,3128 log logamount 1000 tcp from 172.22.4.0/24 to
>> 172.22.4.254 dst-port 3128 setup in via vr0 keep-state
>
> I don't know. I did not think it will work. The way I understand it,
> is that fwd is a little like routing, it does not change the ip
> packet, so in effect it only change the mac address of the next hop
> and the interface, if needed.
No. Really it does not meter where a packet was caught. It's marked for
forwarding if it's matched with a fwd rule.
--
Dixi.
Sem.
More information about the freebsd-ipfw
mailing list