[Bug 239590] ipfw rule doesn't forward TCP connections made through the host's LAN address
bugzilla-noreply at freebsd.org
Fri Aug 2 04:54:15 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239590
Bug ID: 239590
Summary: ipfw rule doesn't forward TCP connections made through the host's LAN address
Product: Base System
Version: 11.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: yuri at freebsd.org

I need to forward incoming TCP connections made to my host 192.168.5.3 on
port 3100 to the IP address 10.0.0.101 port 3000 connected through another
interface.

These rules work when the connection is made from a remote host:
> ipfw -q nat 19001 config redirect_port tcp 10.0.0.101:3000 192.168.5.3:3100
> ipfw -q add 19001 nat 19001 tcp from any to 192.168.5.3 3100 in recv sk0
> ipfw -q add 19001 nat 19001 tcp from 10.0.0.101 3000 to any out xmit sk0

The problem:
A similar firewall rule for connections from the host's LAN IP address (that
pass through lo0) doesn't work:
> ipfw -q add 19001 nat 19001 tcp from 192.168.5.3 to 192.168.5.3 3100 in recv lo0

Wireshark shows that the incoming connection is from 192.168.5.3 to 192.168.5.3
on 3100 but it gets immediately rejected instead of being forwarded.

This rule looks very similar to the second rule above, just the interface is
different. Why doesn't it work?