ipfw fwd command
cpratt at ptserv.net
Mon Jan 29 14:51:33 UTC 2007
I'm hooking up a second T1 to a FreeBSD 6.2 apache webserver.
Its use is to be extremely simplistic having no NAT, no load balancing
nor even failover capabilities. I'd like for packets entering on either
interface to leave on the interface they arrived on. From what I've
read, this can be done by:
1. Compile and install kernel with IPFIREWALL_FORWARD
2. ifconfig the new additional ethernet card
3. modify apache Listen
4. add security and forwarding statements to ipfw
The last step concerns me because ipfw's fwd command in man is
not really discussed in detail to determine that this is what it's for.
What I've read suggests that given:
x.y.z.1 = new T1 Router gateway, new ISP
x.y.z.2 = new IP for the server on new NIC
a.b.c.1 = existing T1 Router gateway, current ISP
a.b.c.2 = existing IP existing NIC (is defaultrouter)
I should be able to put in:
ipfw add <nnnn> fwd x.y.z.1 ip from x.y.z.2 to any
The question is, will this actually allow packets arriving on the
interface with x.y.z.2 to return back out that interface without
impact to the existing configuration and routing?
If so, should this command appear early in the rule list or
following the security oriented rules for the new interface
(e.g., after allowing port 80 in and established connections
I'm not subscribed to the list so please do reply to me also.
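
Added example, not part of the original post and not code from the FreeBSD project: a sketch of a rules file for the second uplink that keeps the post's fwd rule, limits it to outbound packets and places it after the filtering rules, because a matching fwd rule ends the rule search. The addresses are documentation-range stand-ins for x.y.z.1 and x.y.z.2; the interface name em1, the rule numbers and the outbound filter in rule 1030 are assumptions.

```sh
#!/bin/sh
# Constructed stand-ins for the placeholders used in the post.
NEW_GW="${NEW_GW:-192.0.2.1}"   # x.y.z.1, new T1 router gateway
NEW_IP="${NEW_IP:-192.0.2.2}"   # x.y.z.2, server address on the new NIC
NEW_IF="${NEW_IF:-em1}"         # assumed name of the new NIC

# Print the rules in ipfw rules-file form (one "add ..." per line).
emit_rules() {
    cat <<EOF
add 1000 allow tcp from any to ${NEW_IP} 80 in via ${NEW_IF} setup
add 1010 allow tcp from any to ${NEW_IP} 80 in via ${NEW_IF} established
add 1030 deny tcp from ${NEW_IP} to any out setup
add 1040 fwd ${NEW_GW} ip from ${NEW_IP} to any out
EOF
}
# 1000/1010: the inbound port 80 rules mentioned in the post.
# 1030: assumed policy, the server opens no connections from the new address.
# 1040: the post's fwd rule plus "out"; everything else sourced from NEW_IP
#       gets the new gateway as next hop instead of the default route.

# Read rules on stdin. Succeed only if a fwd rule exists and no outbound rule
# for NEW_IP is numbered after it: fwd ends the search, so a later rule
# would never see those packets.
check_order() {
    awk -v ip="$NEW_IP" '
        $1 == "add" && $3 == "fwd" { fwd = $2 + 0; seen = 1; next }
        $1 == "add" && / out/ && $0 ~ ("from " ip " ") {
            if ($2 + 0 > max) max = $2 + 0
        }
        END { rc = (seen && max <= fwd) ? 0 : 1; exit rc }
    '
}

# Print the rules only if the ordering check passes.
emit_rules | check_order && emit_rules
```

Redirect the output to a file and run `ipfw -n` on that file to check the syntax before loading it.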