ipfw fwd command

---

• From: Chris <cpratt@xxxxxxxxxx>
• Date: Mon, 29 Jan 2007 06:34:06 -0800

---

I'm hooking up a second T1 to a FreeBSD 6.2 apache webserver.
It's use is to be extremely simplistic having no NAT, no load balancing
nor even failover capabilities. I'd like for packets entering on either
interface to leave on the interface the arrived on. From what I've
read, this can be done by:

1. Compile and install kernel with IPFIREWALL_FORWARD
2. ifconfig the new additional ethernet card
3. modify apache Listen
4. add security and forwarding statements to ipfw

The last step concerns me because ipfw's fwd command in man is
not really discussed in detail to determine that this is what it's for.
What I've read suggests that given:

x.y.z.1 = new T1 Router gateway, new ISP
x.y.z.2 = new IP for the server on new NIC
a.b.c.1 = existing T1 Router gateway, current ISP
a.b.c.2 = existing IP existing NIC (is defaultrouter)

I should be able to put in:

ipfw add <nnnn> fwd x.y.z.1 ip from x.y.z.2 to any

The question is, will this actually allow packets arriving on the
interface with x.y.z.2 to return back out that interface without
impact to the existing configuration and routing?

If so, should this command appear early in the rule list or
following the security oriented rules for the new interface
(e.g., after allowing port 80 in and established connections
out)?

I'm not subscribed to the list so please do reply to me also.

Thank you,
Chris


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

---

• Prev by Date: Re: mknod, devfs and FreeBSD
• Next by Date: Re: how to enable linux flash player in firefox
• Previous by thread: [PMX:VIRUS] Returned mail: see transcript for details
• Next by thread: 6.1 hard freeze after 2 hrs cp from ntfs to ufs
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Routing with multiple IPs ... Do you have two _physical_ links or just 2 IPs given out by your ISP? ... > plugged on this hub too. ... > webserver (that will be on the LAN, ... > ip, on the box the ping comes through the eth1 interface, when it ... (comp.os.linux.networking) Re: How to increase folder size of my 2003 Autlook, it is full ... Your ISP has a webmail interface - go to the web, delete mail from your ISP mailbox there. ... Milly Staples [MVP - Outlook] ... I read your response to PeterM ... (microsoft.public.outlook) Re: IP Forwarding ... At first when we got Static IP's from the ISP there was no need to do PPPOE, ... > properties in IIS and change the binding to the proper interface. ... > like any other port forwarding. ... (microsoft.public.backoffice.smallbiz2000) Re: ASA 5520 Redundant Links Inbound/Outbound ... On our ASA 5520 we have two "Outside" interfaces that come ... I have a DMZ and INSIDE interface also. ... ISP nat'd to the exchange server and webserver. ... (comp.dcom.sys.cisco) RE: Multiple gateways ... First problem is you can not run an dhcp server for your ISP IP ... You should be using dhclient on the NIC interface name facing the ... The simplest way to utilize your 3 adsl connections to your ISP is ... same ISP) and other 3 for 3 sub networks class C ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > questions  > 2007-01