Re: packet forwarding
________________________________________________________________

  * From: Guido van Rooij
  * Subject: Re: packet forwarding
  * Date: Wed, 07 Apr 2004 02:24:08 -0700
________________________________________________________________

On Tue, Apr 06, 2004 at 01:53:41PM +0200, Alessandro de Manzano wrote:
>
> Hello,
>
> I'm currently using IPF 3.4.31 on a FreeBSD 4.9p3 box. This machine is
> a three-homed gateway/firewall/ipnat/proxy machine.
>
> Because of particular routing of my situation (default route towards a
> "pseudo-public" WAN uplink and 2nd uplink towards DMZ, etc.) I've problems
> using MPD (a BSD PPP daemon on steroids, acting as PPTP server
> endpoint for our VPNs). In fact, public incoming connections are coming
> from an interface but my box answers via the other link.
>
> Making short a long explanation :) I think I'd need a feature in IPF
> I was not able to reproduce in other ways, that is a "packet forward"
> action.
>
> On FreeBSD's IPFW2 it would be:
>
> "fwd 10.20.30.40 tcp from 1.2.3.4 1723 to any"
> (and "fwd 10.20.30.40 gre from 1.2.3.4 to any")
>
> first rule matches only IP packets coming from 1.2.3.4 from port TCP/1723
> (1.2.3.4 is my address) and changes their _next_ _hop_ to 10.20.30.40,
> actually bypassing normal kernel routing tables).
> I know it sounds like a bit hackish ;) but in some cases (as mine)
> it's useful.
>
> So my question is: is there a way to make something similar with IPF/IPNAT?
> Any ideas?
>
> Many thanks in advance!

Use the "to" option.
e.g.:

    pass in quick on fxp0 to ep0:10.20.30.40 proto tcp from 1.2.3.4 to any

-Guido
________________________________________________________________

    pass in quick on em0 to em0:192.168.1.1 from any to 1.2.3.4

This will change next hop to 192.168.1.1 from anything going to 1.2.3.4.
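
An added example, not part of the original thread: a small Python audit helper that lists the IPF rules in a ruleset that use the "to" option shown above, since such rules send matching packets to a next hop the routing table would not choose. The function names and the third sample rule are constructed for illustration, and only the rule shapes quoted in the thread are handled.

```python
import ipaddress

# Rules 1 and 2 are the ones quoted in the thread; rule 3 is constructed.
SAMPLE_RULES = """\
pass in quick on fxp0 to ep0:10.20.30.40 proto tcp from 1.2.3.4 to any
pass in quick on em0 to em0:192.168.1.1 from any to 1.2.3.4
pass in quick on fxp0 proto tcp from any to any port = 22
"""

def next_hop_override(rule):
    """Return the forwarding override of one IPF rule, or None if it has none."""
    tokens = rule.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0] not in ("pass", "block"):
        return None
    # Options sit before the packet-matching part, which starts at
    # "proto", "from" or "all"; the "to" of "from A to B" comes later.
    stop = next((i for i, t in enumerate(tokens)
                 if t in ("proto", "from", "all")), len(tokens))
    head = tokens[:stop]
    if "to" not in head or head.index("to") + 1 >= len(head):
        return None
    in_if = head[head.index("on") + 1] if "on" in head[:-1] else None
    out_if, _, hop = head[head.index("to") + 1].partition(":")
    if hop:
        ipaddress.ip_address(hop)  # raises ValueError on a malformed next hop
    return {"direction": tokens[1], "in_if": in_if, "out_if": out_if,
            "next_hop": hop or None, "same_if": in_if == out_if}

def audit(ruleset):
    """Return (line number, override) for every rule that bypasses routing."""
    found = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        override = next_hop_override(line)
        if override:
            found.append((lineno, override))
    return found

if __name__ == "__main__":
    for lineno, o in audit(SAMPLE_RULES):
        hop = o["next_hop"] or "(interface only)"
        note = " [leaves via the interface it arrived on]" if o["same_if"] else ""
        print(f"line {lineno}: {o['direction']} on {o['in_if']} "
              f"-> {o['out_if']} via {hop}{note}")
```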