How to change dst IP in packet with IPFW
Chuck Swiger
cswiger at mac.com
Wed Dec 2 23:09:26 UTC 2009
Hi--
On Dec 2, 2009, at 2:24 PM, Коньков Евгений wrote:
> Actually I have google clue: http://gara.opennet.ru/http_redirect.html
> but it is impossible to implement that with IPFW NAT.
> And now -a and -proxy_only are exclusive but in article as you can sen
> in examples they are not. article is dated 2002 year.
>
> NOTICE that src addr is not aliased to 10.11.19.1!
>
> kes# natd -a 10.11.19.1 -proxy_only yes -proxy_rule port 80 server 10.11.8.16:80 -v
Well, yes, if you are using proxy_only, you are explicitly disabling normal NAT rewriting of addresses-- the proxy_only thing is intended for "transparent proxies" which listen for all incoming traffic on the proxied ports regardless of whether the traffic is being sent to an IP address which the machine considers to be local.
As I said earlier, if you want to change the src addr, use redirect_address functionality instead of proxy_only.
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list