On Thursday, April 11, 2002, at 01:39 PM, Julian Elischer wrote:
> check out ipfw's 'fwd' command
Cool, never realized that was there. So, I tried it:
I recompiled my kernel after adding IPFIREWALL_FORWARD to it. Then:
ipfw add fwd 127.0.0.2,53 udp from any to 192.168.7.251 55
ipfw add fwd 127.0.0.2,53 tcp from any to 192.168.7.251 55
matt# ipfw show
00100 4 228 fwd 127.0.0.2,53 udp from any to 192.168.7.251 55
00200 0 0 fwd 127.0.0.2,53 tcp from any to 192.168.7.251 55
65535 528096 456266843 allow ip from any to any
(I use DEFAULT_TO_ACCEPT)
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=3<rxcsum,txcsum>
        inet 192.168.7.251 netmask 0xfffffe00 broadcast 192.168.7.255
        ether 00:01:02:38:2b:c7
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff
DNS server still serves happily off 127.0.0.2:
matt# dig www.foo.com @127.0.0.2
; <<>> DiG 8.3 <<>> www.foo.com @127.0.0.2
<snip>
;; ANSWER SECTION:
www.foo.com. 1D IN A 207.89.154.94
<snip>
But it still won't serve off my external interface:
matt# dig -p55 www.foo.com @192.168.7.251
; <<>> DiG 8.3 <<>> -p55 www.foo.com @192.168.7.251
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 192.168.7.251: Connection refused
What am I missing?
Matt
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message