I'm not sure I understand but....
firstly.. the 'fwd' keyword DOES NOT ALTER THE PACKET
so you need to have the same rule on 139.142.135.115
so that the incoming packet is captured there, when it gets there,
as the headers still say that it's supposed to go somewhere else.

On Tue, 10 Jul 2001, Peter Warrick wrote:
> Ok one last question.. :)
>
> I am trying to redirect all the traffic on a certain port except for a
> couple of computers.. I have this rule setup to do this..
>
> fwd 139.142.135.115 tcp from any to any 80
>
> How would I then make it so that those couple of machines are not
> affected.. I've tried the following..
>
> allow tcp from 192.168.0.2 to any 80 via en0
> allow tcp from any 80 to 192.168.0.2 in recv en0
> allow tcp from 192.168.0.2 to any 80 via en1
> allow tcp from any 80 to 192.168.0.2 in recv en1
> allow tcp from 1.2.3.5 to any 80

please draw a diagram..
I can't figure out what you want to do..
(I think the answer is to make the exceptions 'skipto' past the line that
does the fwd.)

>
> None of these have worked either alone or together.. Any ideas??
>
> Thanks again.
>
> Peter.
>
> On Tuesday, July 10, 2001, at 05:06 PM, Nick Rogness wrote:
>
> > On Tue, 10 Jul 2001, Julian Elischer wrote:
> >
> >>
> >>
> >> On Tue, 10 Jul 2001, Nick Rogness wrote:
> >>> You need to add another rule:
> >>>
> >>> ipfw add divert natd all from $PUBLIC_IP to any in via en0
> >>                                    ^          ^
> >>                                    \----------/
> >>                                     swap these
> >>
> >>
> >>>
> >>> The $PUBLIC_IP should be the IP of en0. This will only work if
> >>> your non-diverted traffic is using a different public IPs...which
> >>> I'm assuming you are.
> >>
> >> OR you do NOT want other machines to be able to get out.
> >
> > Ooops...yep he's right...realized that after I read Julian's
> > original response.
> >
> >
> > Nick Rogness <[EMAIL PROTECTED]>
> > - Keep on Routing in a Free World...
> > "FreeBSD: The Power to Serve!"
> >
>
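
The skipto suggestion from the reply above, sketched as a ruleset. This is an added example, not part of the original thread: the addresses are the ones quoted in the thread, while the rule numbers, the IPFW dry-run variable and the build_rules function name are assumptions. By default it only prints the ipfw commands instead of running them.

```sh
#!/bin/sh
# Added example: exempt a few hosts from an ipfw 'fwd' rule using 'skipto'.
# Addresses are taken from the thread; rule numbers are assumed for illustration.

IPFW="${IPFW:-echo ipfw}"            # dry run by default; set IPFW=ipfw to apply
FWD_TARGET="139.142.135.115"         # host the port-80 traffic is forwarded to
EXEMPT_HOSTS="192.168.0.2 1.2.3.5"   # hosts that must not be redirected
FWD_RULE=1000                        # assumed rule number of the fwd rule
AFTER_FWD=1100                       # assumed: where the rest of the ruleset resumes

build_rules() {
    # ipfw evaluates rules in ascending number order and 'fwd' ends the search
    # on a match, so the exceptions have to carry LOWER numbers than the fwd rule.
    n=$((FWD_RULE - 100))
    for host in $EXEMPT_HOSTS; do
        # skipto does not accept the packet; it resumes matching at the first
        # rule numbered >= AFTER_FWD, so later rules (divert, allow, deny)
        # still apply to the exempt hosts.
        $IPFW add "$n" skipto "$AFTER_FWD" tcp from "$host" to any 80
        n=$((n + 10))
    done

    # Everything else headed for port 80 is handed to FWD_TARGET. The packet
    # headers are left untouched, so FWD_TARGET needs its own rule to pick
    # the packet up when it arrives.
    $IPFW add "$FWD_RULE" fwd "$FWD_TARGET" tcp from any to any 80
}

build_rules
```

After loading the rules, `ipfw show` lists per-rule packet counters, which shows whether the skipto rules or the fwd rule are the ones being hit.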