Aragon Gouveia #1
ipfw fwd problem - FreeBSD 5.3
Hi,
I'm running a 5.3 gateway/proxy. To it is connected an ADSL modem with the
5.3 box performing the PPPoE, as well as a cisco router on another ethernet
interface.
My default route is out the ADSL line (tun0), but I need to be able to
forward packets matched on the basis of destination port to the cisco
router.
I've been doing this for over a year using ipfw fwd. However, I recently
upgraded from 4.7 to 5.3 and since then my ruleset no longer works. I've
torn the ruleset down to just basic divert and fwd rules and just can't seem
to get it behaving as it did before.
My internal LAN interface is rl0.
Interface to cisco router [9.9.9.9] is vx0 [8.8.8.8].
ADSL is connected to rl0, but after PPPoE encap it's tun0.
My rules:
150 divert 8668 tcp from 192.168.0.2 to any dst-port 22 out recv rl0
160 count log tcp from any to 1.2.3.4 dst-port 22
200 fwd log 9.9.9.9 tcp from 8.8.8.8 to any dst-port 22
210 count log tcp from any to 1.2.3.4 dst-port 22
When I ssh from 192.168.0.2 to 1.2.3.4 this is what is logged:
Feb 21 16:39:57 <security.info> draper kernel: ipfw: 160 Count TCP 192.168.0.2:1604 1.2.3.4:22 in via rl0
Feb 21 16:39:57 <security.info> draper kernel: ipfw: 210 Count TCP 192.168.0.2:1604 1.2.3.4:22 in via rl0
Feb 21 16:39:57 <security.info> draper kernel: ipfw: 160 Count TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0
Feb 21 16:39:57 <security.info> draper kernel: ipfw: 200 Forward to 9.9.9.9 TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0
Feb 21 16:39:57 <security.info> draper kernel: ipfw: 160 Count TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0
Feb 21 16:39:57 <security.info> draper kernel: ipfw: 200 Forward to 9.9.9.9 TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0
I am running PPP with -nat as well as a natd process. Any packets that are
routed out the ADSL will have their source address rewritten by PPP. The
separate natd process is aliasing for vx0's address of 8.8.8.8.
From what I can see above, my packets are being rewritten by rule 150 and
they are matching the fwd rule at 200, but they simply aren't being
forwarded as specified in the rule. Instead they're going via the default
route. The end result is that the source address is rewritten again by PPP
and, of course, the packet goes out the wrong interface.
Anyone know what's up with this?
Thanks,
Aragon
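As an added example (not part of Aragon's post), the script below parses ipfw log lines like the ones above, groups them into per-flow passes and flags any fwd match that was logged `out via` an interface other than the one expected for its next hop, which is exactly the pattern Aragon pointed at (rule 200 firing on tun0 rather than on the vx0 side). The sample lines are copied from the post; the next-hop-to-interface map {"9.9.9.9": "vx0"} and the assumption that the source port survives NAT (true in the posted log, where natd keeps port 1604) are the example's own. Two caveats: the `via` interface in an ipfw log line is the one the kernel's route lookup had chosen when the rule fired, so a fwd match logged on tun0 only shows the packet was still headed down the default route at that moment, and the real exit interface should be confirmed with tcpdump on vx0 and tun0; and on 5.x it is worth checking that the kernel config carries `options IPFIREWALL_FORWARD`, since ipfw(8) documents the fwd action as available only when the kernel is built with it.

```python
"""Reconstruct per-flow packet passes from ipfw(8) log lines.

Added example for triaging ipfw fwd problems such as the one in the post
above; it is not part of the original post.  SAMPLE_LOG is copied from the
post, NEXT_HOP_IFACE is a constructed assumption about the operator's layout.
"""
import re
from collections import defaultdict

# ipfw log line, FreeBSD 4.x/5.x format:
#   ipfw: <rule> <action> <proto> <src>[:<sport>] <dst>[:<dport>] <in|out> via <iface>
# <action> may contain spaces, e.g. "Forward to 9.9.9.9" or "Divert 8668",
# so it is matched non-greedily up to a recognised protocol token.
IPFW_LOG = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>.+?) (?P<proto>TCP|UDP|ICMP\S*|P:\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Copied from the post (syslog prefix included, as it appears in /var/log/security).
SAMPLE_LOG = [
    "Feb 21 16:39:57 <security.info> draper kernel: ipfw: 160 Count TCP 192.168.0.2:1604 1.2.3.4:22 in via rl0",
    "Feb 21 16:39:57 <security.info> draper kernel: ipfw: 210 Count TCP 192.168.0.2:1604 1.2.3.4:22 in via rl0",
    "Feb 21 16:39:57 <security.info> draper kernel: ipfw: 160 Count TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0",
    "Feb 21 16:39:57 <security.info> draper kernel: ipfw: 200 Forward to 9.9.9.9 TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0",
    "Feb 21 16:39:57 <security.info> draper kernel: ipfw: 160 Count TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0",
    "Feb 21 16:39:57 <security.info> draper kernel: ipfw: 200 Forward to 9.9.9.9 TCP 8.8.8.8:1604 1.2.3.4:22 out via tun0",
]

# Constructed assumption: which interface each fwd next hop should leave on.
NEXT_HOP_IFACE = {"9.9.9.9": "vx0"}


def parse_ipfw_line(line):
    """Return a dict for one ipfw log line, or None if the line is not one."""
    m = IPFW_LOG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    fwd = re.match(r"Forward to (\S+)", rec["action"])
    rec["fwd_to"] = fwd.group(1) if fwd else None  # next hop, for fwd rules only
    return rec


def flow_key(rec):
    """Key that survives source NAT: natd/ppp rewrite the source address, and the
    posted log shows the source port (1604) was preserved, so key on proto, dst and ports."""
    return (rec["proto"], rec["dst"], rec["dport"], rec["sport"])


def group_flows(lines):
    """Group parsed records by flow, preserving log order within each flow."""
    flows = defaultdict(list)
    for line in lines:
        rec = parse_ipfw_line(line)
        if rec:
            flows[flow_key(rec)].append(rec)
    return dict(flows)


def timeline(flows):
    """One readable pass-by-pass line per record, grouped by flow."""
    out = []
    for key, recs in flows.items():
        out.append("flow %s -> %s:%s sport %s" % (key[0], key[1], key[2], key[3]))
        for r in recs:
            out.append("  rule %d %-20s src %-15s %s via %s" %
                       (r["rule"], r["action"], r["src"], r["dir"], r["iface"]))
    return out


def fwd_on_unexpected_iface(flows, next_hop_iface):
    """Flag flows whose fwd match was logged 'out via' an interface other than
    the one the operator expects for that next hop (one finding per flow)."""
    findings = []
    for key, recs in flows.items():
        for r in recs:
            if r["dir"] == "out" and r["fwd_to"]:
                expected = next_hop_iface.get(r["fwd_to"])
                if expected and r["iface"] != expected:
                    findings.append({"flow": key, "rule": r["rule"], "next_hop": r["fwd_to"],
                                     "expected_iface": expected, "logged_iface": r["iface"]})
                    break
    return findings


if __name__ == "__main__":
    flows = group_flows(SAMPLE_LOG)
    print("\n".join(timeline(flows)))
    for f in fwd_on_unexpected_iface(flows, NEXT_HOP_IFACE):
        print("rule %d fwd to %s logged out via %s, expected %s (flow %s)" %
              (f["rule"], f["next_hop"], f["logged_iface"], f["expected_iface"], f["flow"]))
```

Run it against /var/log/security (for example `grep ipfw: /var/log/security | python3 script.py` after swapping SAMPLE_LOG for `sys.stdin`) while reproducing the ssh; a flow whose fwd match keeps showing tun0 and never vx0 is the one to capture with tcpdump on both interfaces.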