Re: [fw-wiz] FreeBSD 4.9 ipfw natd -- Port Forwarding

From: Ng Pheng Siong (ngps_at_netmemetic.com)
Date: 06/29/04

  • Next message: Adam Humphrey: "Re: [fw-wiz] FreeBSD 4.9 ipfw natd -- Port Forwarding"
    To: Adam Humphrey <hump@casualritual.com>
    Date: Tue, 29 Jun 2004 08:22:41 +0800
    
    

    On Fri, Jun 25, 2004 at 05:27:18PM -0700, Adam Humphrey wrote:
    > Natd.conf:
    > redirect_port tcp 192.168.1.101:80 80
    >
    > But now my web logs show everything coming from my firewall's external IP
    > address and not the actual IP of the request.
    >
    > How do I get the original IP for the request to pass through my firewall and
    > get my log files displaying the appropriate source IP addresses?

    I use 'ipfw fwd', no NAT. I don't see the problem you describe. In my case
    the packets are being forwarded to an RFC 1918-addressed jail within the
    same box. Purely from a packet flow perspective I think there is no
    difference between this and forwarding to an external server, although I
    can't rule out the involvement of some magic kernel knobs and I haven't
    read the code in a while.

    Example from my /etc/rc.firewall.rules:

      add <number> fwd 192.168.x.x tcp from any to x.x.x.x 80 keep-state setup

    See manpage for more info on 'fwd'.

    HTH. Cheers.

    -- 
    Ng Pheng Siong <ngps@netmemetic.com> 
    http://firewall.rulemaker.net -+- Version Control for Cisco PIX & Netscreen 
    http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL/Zope, Blog
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
