Firewall Wizards mailing list archives
Re: FreeBSD 4.9 ipfw natd -- Port Forwarding
From: Ng Pheng Siong <ngps () netmemetic com>
Date: Tue, 29 Jun 2004 08:22:41 +0800
On Fri, Jun 25, 2004 at 05:27:18PM -0700, Adam Humphrey wrote:
> Natd.conf:
>
>     redirect_port tcp 192.168.1.101:80 80
>
> But now my web logs show everything coming from my firewall's external IP
> address and not the actual IP of the request. How do I get the original IP
> for the request to pass through my firewall and get my log files displaying
> the appropriate source IP addresses?

I use 'ipfw fwd', no NAT. I don't see the problem you describe.

In my case the packets are being forwarded to an RFC 1918-addressed jail within the same box. Purely from a packet flow perspective I think there is no difference between this and forwarding to an external server, although I can't rule out the involvement of some magic kernel knobs and I haven't read the code in a while.

Example from my /etc/rc.firewall.rules:

    add <number> fwd 192.168.x.x tcp from any to x.x.x.x 80 keep-state setup

See manpage for more info on 'fwd'.

HTH. Cheers.

--
Ng Pheng Siong <ngps () netmemetic com>
http://firewall.rulemaker.net -+- Version Control for Cisco PIX & Netscreen
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL/Zope, Blog
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards