Firewall redirect doesn't work any more...
Pawel Jakub Dawidek
pjd at FreeBSD.org
Fri Sep 19 08:28:22 UTC 2008
...or am I missing something?
I've a box running:
FreeBSD whiplash.wheel.pl 7.0-STABLE FreeBSD 7.0-STABLE #0: Wed Jul 23 11:41:31 CEST 2008 root at puppet.wheel.pl:/usr/obj/usr/src/sys/WHIPLASH i386
I'm also running PF in there with the following rule:
rdr on fxp0 proto tcp from 10.0.1.9 to 10.0.0.2 port 88 -> 10.0.5.123 port 88
When I connect from 10.0.1.9 to 10.0.0.2:88 I can see the redirected packet
leaving the box:
IP 10.0.1.9.43210 > 10.0.0.2.88: S [...]
IP 10.0.1.9.43210 > 10.0.5.123.88: S [...]
Ok. Now I've a box running:
FreeBSD bridge.wheel.pl 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Thu Sep 11 13:59:06 CEST 2008 root at bridge.wheel.pl:/usr/obj/usr/src/sys/BRIDGE i386
And the following PF rule:
rdr on fxp0 proto tcp from 10.0.0.2 to 10.0.5.123 port 88 -> 10.0.1.9 port 88
When I connect from 10.0.0.2 to 10.0.5.123:88 I no longer see the redirected
packet leaving the box:
IP 10.0.0.2.60806 > 10.0.5.123.88: S [...]
I tried to redirect the packet on the second box with IPFW, but also failed
(yes, IPFIREWALL_FORWARD was compiled in).
Did something get broken, or am I missing some configuration hint?
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!