| | List |
| Subject: | Re: is ipfw "fwd" act same as router ? |
| Poster: | HenriHenneberthlh@restart.be |
| Date: | Wed, 21 Mar 2007 16:10:05 -0500 |
| Related Postings: | 1 2 3 4 5 6 7 |
patrice wrote:
> "Henri Hennebert" a écrit dans le message de
> news:etr432$p07$1@morzine.restart.bel...
>> I have a doubt, does natd tag its table enties with the interface ?
>> in this case, the output packet is tagged with tun0 and the
>> corresponding response is tagged with bge0; the reverse translation is
>> not done.
>>
>> To have more insight I would run natd with the -v option (the one
>> listenning on 3615).
>>
>
> Here is the trace (look like chinese for me)
> 10.10.21.1 is the one who tried to http://194.167.78.73:8080
> with rules:
> ivert 3615 log tcp from any to any dst-port 8080 out via tun0
> 02099 fwd 192.168.0.254 log tcp from 192.168.0.101 to any via tun0
>
> Out {default} 00000000[TCP] [TCP] 10.10.21.1:3242 -> 194.167.78.73:8080
> aliased
> to
> [TCP] 192.168.0.101:3242 -> 194.167.78.73:8080
> Out {default} 0000ffff[TCP] [TCP] 10.10.21.1:3242 -> 194.167.78.73:8080
> aliased
> to
> [TCP] 192.168.0.101:3242 -> 194.167.78.73:8080
> Out {default} 0000ffff[TCP] [TCP] 10.10.21.1:3242 -> 194.167.78.73:8080
> aliased
> to
> [TCP] 192.168.0.101:3242 -> 194.167.78.73:8080
>
> Hope you can understand something.
>
>
This trace don't show any input packet, are you sure that a ipfw rule
divert the response packets ?
I think we should see something like:
In {default} 0000ffff[TCP] 194.167.78.73:8080 -> 192.168.0.101:3242
aliased to 194.167.78.73:8080 -> 10.10.21.1:3242
Can you post all your ipfw rules ?
Henri
|
|