On Tue, Jan 23, 2018 at 10:39 AM, Andrey V. Elsukov <bu7c...@yandex.ru> wrote:
> On 23.01.2018 19:17, Alan Somers wrote:
> >>> Unfortunately, pf currently lacks this capability.  But it looks like it
> >>> could be added without breaking existing pf.conf syntax.  Would this be a
> >>> good idea?
> >>>
> >>> I don't use ipfw, but from reading the man page I believe that it has the
> >>> same problem.
> >>
> >> I think ipfw should work with such configuration using "fwd" action,
> >> since TCP/UDP has special handling for this.
> >
> > The man page says that the fwd directive always takes an IP address.  What
> > I need is a way to forward the port without changing the IP address.  Is
> > that possible in ipfw?
>
> "fwd" rule does not change the IP address or the port. It uses some
> magic with PCB lookup in the TCP/UDP code.
> Just tried this:
>
> # ipfw add fwd ::1,5678 tcp from any to any 4000
> # nc -6 -l ::1 5678
>
> And from another host tried:
> # telnet -6 fc00::1 4000
>
> And this works.
>

This does not work for me.  When I try, tcpdump shows that the host running
ipfw returns an RST packet when it receives a SYN for port 4000.  That
sounds like the fwd rule isn't working.  And it's probably not working
because I'm a total ipfw n00b.  Is there anything else I need to configure
in ipfw first?  My rc.conf file looks like:

firewall_enable="YES"
firewall_type="open"