Re: FreeBSD 4.9 ipfw natd -- Port Forwarding

[Adam Humphrey <hump () casualritual com>]

I tried the ipfw fwd command as well with no success.  It was forwarding the
packets perfectly but they were still addressed to the outside IP address of
my freeBSD server and my internal web server was dropping them because they
were not addressed to its IP.

Thanks for the help.

Regards,

Adam


> From: Ng Pheng Siong <ngps () netmemetic com>
> Date: Tue, 29 Jun 2004 08:22:41 +0800
> To: Adam Humphrey <hump () casualritual com>
> Cc: <firewall-wizards () honor icsalabs com>
> Subject: Re: [fw-wiz] FreeBSD 4.9 ipfw natd -- Port Forwarding
>
> On Fri, Jun 25, 2004 at 05:27:18PM -0700, Adam Humphrey wrote:
> > Natd.conf:
> > redirect_port tcp 192.168.1.101:80 80
> >
> > But now my web logs show everything coming from my firewall's external IP
> > address and not the actual IP of the request.
> >
> > How do I get the original IP for the request to pass though my firewall and
> > get my log files displaying the appropriate source IP addresses?
>
> I use 'ipfw fwd', no NAT. I don't see the problem you describe. In my case
> the packets are being forwarded to a RFC 1918-addressed jail within the
> same box. Purely from a packet flow perspective I think there is no
> difference between this and forwarding to an external server, although I
> can't rule out the involvement of some magic kernel knobs and I haven't
> read the code in a while.
>
> Example from my /etc/rc.firewall.rules:
>
>   add <number> fwd 192.168.x.x tcp from any to x.x.x.x 80 keep-state setup
>
> See manpage for more info on 'fwd'.
>
> HTH. Cheers.
>
> -- 
> Ng Pheng Siong <ngps () netmemetic com>
>
> http://firewall.rulemaker.net -+- Version Control for Cisco PIX & Netscreen
> http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL/Zope, Blog


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards