pf: redirect a packet's port but not its address?

Eugene Grosbein eugen at grosbein.net
Tue Jan 23 18:42:15 UTC 2018


24.01.2018 1:26, Alan Somers wrote:

>> # ipfw add fwd ::1,5678 tcp from any to any 4000
>> # nc -6 -l ::1 5678
>>
>> And from another host tried:
>> # telnet -6 fc00::1 4000
>>
>> And this works.
>>
> 
> This does not work for me.  When I try, tcpdump shows that the host running
> ipfw returns an RST packet when it receives a SYN for port 4000.  That
> sounds like the fwd rule isn't working.  And it's probably not working
> because I'm a total ipfw n00b.  Is there anything else I need to configure
> in ipfw first?  My rc.conf file looks like:
> 
> firewall_enable="YES"
> firewall_type="open"

ipfw rules are always numbered and while ipfw allows you to not specify a rule number
when adding, it is wise to always specify it, or else it adds rules to the end of the list,
and that is not what you want when dealing with the pre-defined "open" ruleset.

In short, use "ipfw add 2000 fwd ::1,5678 tcp from any to any 4000"
Use "ipfw show" to check it out before and after running this command.
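
As an added illustration of the check Eugene suggests (running "ipfw show" before and after the add), here is a small POSIX shell script that is not part of this thread and not code from either poster. It scans an "ipfw show" dump for the fwd rule on a given port and reports whether an earlier unconditional "allow ip from any to any" rule would accept the SYN before the fwd rule is ever consulted. It assumes the "ipfw show" column layout (rule number, packets, bytes, rule body), that the stock firewall_type="open" ruleset ends with an allow-all rule numbered 65000, and that an unnumbered "ipfw add" lands after that rule; both sample dumps are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the thread): check an "ipfw show" dump to see
# whether a fwd rule for a given port can be reached, or whether an earlier
# "allow ip from any to any" rule (65000 in the stock rc.firewall "open"
# ruleset; assumption) accepts the packet first.
#
# Assumed "ipfw show" layout: rulenum packets bytes action ... (one rule per line).
#
# shadowed_fwd DUMP PORT
#   exit 0, prints nothing       : fwd rule for PORT precedes any catch-all allow
#   exit 1, prints a rule number : fwd rule is shadowed by that catch-all rule
#   exit 2                       : no fwd rule for PORT in the dump
shadowed_fwd() {
    printf '%s\n' "$1" | awk -v port="$2" '
        # first unconditional allow: later rules never see packets it accepts
        /allow ip from any to any$/ { if (!catchall) catchall = $1 + 0 }
        $4 == "fwd" && $NF == port {
            found = 1
            if (catchall) { print catchall; shadowed = 1 }
            exit
        }
        END { if (!found) exit 2; exit shadowed }
    '
}

# Constructed dump: rules 100-300 and 65000 mimic firewall_type="open";
# the fwd rule was added without a number and so landed at 65100
# (last rule number plus the autoinc step of 100; assumption about placement).
BAD_DUMP='00100    12   1040 allow ip from any to any via lo0
00200     0      0 deny ip from any to 127.0.0.0/8
00300     0      0 deny ip from 127.0.0.0/8 to any
65000   300  28000 allow ip from any to any
65100     0      0 fwd ::1,5678 tcp from any to any 4000
65535     5    400 deny ip from any to any'

# Constructed dump after "ipfw add 2000 fwd ::1,5678 tcp from any to any 4000".
GOOD_DUMP='00100    12   1040 allow ip from any to any via lo0
00200     0      0 deny ip from any to 127.0.0.0/8
00300     0      0 deny ip from 127.0.0.0/8 to any
02000     3    180 fwd ::1,5678 tcp from any to any 4000
65000   300  28000 allow ip from any to any
65535     5    400 deny ip from any to any'

# report LABEL DUMP: human-readable verdict for port 4000
report() {
    if by=$(shadowed_fwd "$2" 4000); then
        echo "$1: fwd rule for port 4000 is reachable"
    elif [ -n "$by" ]; then
        echo "$1: fwd rule for port 4000 is shadowed by rule $by"
    else
        echo "$1: no fwd rule for port 4000"
    fi
}

# On a live FreeBSD host (as root) you would run: shadowed_fwd "$(ipfw show)" 4000
report BAD_DUMP "$BAD_DUMP"
report GOOD_DUMP "$GOOD_DUMP"
```

The script only reads text, so it can be run anywhere; on the FreeBSD box itself, feed it the real "ipfw show" output and the port from the fwd rule. A shadowed verdict is exactly the situation Alan describes: the kernel answers the SYN on port 4000 with an RST because the allow-all rule at 65000 accepted it for normal delivery and the fwd rule further down never ran.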





More information about the freebsd-net mailing list