[FUG-BR] Question about ipfw fwd

Marcello unixmafia at yahoo.com.br
Tue Sep 9 14:05:39 BRT 2008


fwd | forward ipaddr | tablearg[,port]
             Change the next-hop on matching packets to ipaddr, which can be
             an IP address or a host name.  The next hop can also be supplied
             by the last table looked up for the packet by using the tablearg
             keyword instead of an explicit address.  The search terminates if
             this rule matches.

             If ipaddr is a local address, then matching packets will be
             forwarded to port (or the port number in the packet if one is not
             specified in the rule) on the local machine.
             If ipaddr is not a local address, then the port number (if
             specified) is ignored, and the packet will be forwarded to the
             remote address, using the route as found in the local routing
             table for that IP.
             A fwd rule will not match layer-2 packets (those received on
             ether_input, ether_output, or bridged).
             The fwd action does not change the contents of the packet at all.
             In particular, the destination address remains unmodified, so
             packets forwarded to another system will usually be rejected by
             that system unless there is a matching rule on that system to
             capture them.  For packets forwarded locally, the local address
             of the socket will be set to the original destination address of
             the packet.  This makes the netstat(1) entry look rather weird
             but is intended for use with transparent proxy servers.

             To enable fwd a custom kernel needs to be compiled with the
             option options IPFIREWALL_FORWARD.

So, is it capturing the packet there?

Do you need to use ipfw for this?

Take a look at this....

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

[]'s

> >>Hey folks,
> >>
> >>I want to forward a port for one specific client, see the
> >>example below:
> >>
> >>firewall - FreeBSD 7
> >>xl0 - external network - 200.200.200.2/30, gw 200.200.200.1
> >>xl1 - internal network - 200.210.210.1
> >>
> >>We have 2 mail servers (with 200.210.210.1 as the default
> >>gateway):
> >>smtp1 - 200.210.210.5 and smtp2 - 200.210.210.6 - both FreeBSD with
> >>Postfix
> >>
> >>What I want is to redirect all traffic from a client with IP
> >>200.230.230.33 that connects to smtp1 over to smtp2.
> >>
> >>I tried putting this on the firewall:
> >>
> >>ipfw add fwd 200.210.210.6,25 tcp from 200.230.230.33 to
> >>200.210.210.5 25
> >>But it isn't working. The counter in "ipfw show" does increment,
> >>but the client doesn't connect. I'm testing from the client with
> >>"telnet 200.210.210.5 25" and it ends in a timeout. Without the rule, it
> >>connects without problems to both smtp1 and smtp2.
> >
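The man page text quoted in the reply explains the timeout: the firewall's fwd rule changes only the next hop, so smtp2 receives a SYN still addressed to 200.210.210.5 and, having no rule to capture it, drops it. The following is an added example, not code from the thread or from FreeBSD: a small Python model of the fwd semantics as the man page describes them (local vs. non-local ipaddr, port ignored for a remote next hop, destination address never rewritten), run over the thread's own addresses. The capture rule placed on smtp2 in the second run is an assumption about what a "matching rule on that system" would look like.

```python
# Constructed model of the ipfw(8) fwd semantics quoted above; not ipfw code.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class FwdRule:
    """One 'fwd ipaddr[,port] proto from src to dst dport' rule ('any' matches all sources)."""
    ipaddr: str
    port: Optional[int]
    proto: str
    src: str
    dst: str
    dport: int

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and self.src in ("any", p.src)
                and p.dst == self.dst and p.dport == self.dport)


@dataclass
class Host:
    name: str
    local_addrs: List[str]
    rules: List[FwdRule] = field(default_factory=list)
    listening: List[int] = field(default_factory=list)  # TCP ports with a listener

    def apply_fwd(self, p: Packet) -> Tuple[str, Packet, Optional[int]]:
        """Run the fwd rules. Returns (next_hop, packet, local_port).

        The packet is returned unchanged: fwd never rewrites the
        destination address, exactly as the man page states.
        """
        for r in self.rules:
            if not r.matches(p):
                continue
            if r.ipaddr in self.local_addrs:
                # local ipaddr: deliver to the rule's port, or the packet's own port
                return ("local", p, r.port if r.port is not None else p.dport)
            # remote ipaddr: the port is ignored, packet goes to that next hop
            return (r.ipaddr, p, None)
        return ("route", p, None)  # no match: ordinary routing toward p.dst

    def receive(self, p: Packet) -> str:
        """Outcome when this host gets the packet off the wire."""
        next_hop, p, local_port = self.apply_fwd(p)
        if next_hop == "local":
            return "accepted" if local_port in self.listening else "refused"
        if p.dst in self.local_addrs:
            return "accepted" if p.dport in self.listening else "refused"
        # addressed to someone else and no capture rule: a non-forwarding host drops it
        return "dropped"


def thread_scenario(capture_rule_on_smtp2: bool) -> dict:
    """Addresses from the thread; the capture rule on smtp2 is an assumption."""
    client, smtp1_ip, smtp2_ip = "200.230.230.33", "200.210.210.5", "200.210.210.6"
    fw_rule = FwdRule(smtp2_ip, 25, "tcp", client, smtp1_ip, 25)
    firewall = Host("firewall", ["200.200.200.2", "200.210.210.1"], [fw_rule])

    smtp2_rules = []
    if capture_rule_on_smtp2:
        # assumed: 'fwd 200.210.210.6,25 tcp from any to 200.210.210.5 25' on smtp2
        smtp2_rules.append(FwdRule(smtp2_ip, 25, "tcp", "any", smtp1_ip, 25))
    smtp2 = Host("smtp2", [smtp2_ip], smtp2_rules, [25])

    pkt = Packet(client, smtp1_ip, 25)
    next_hop, out, _ = firewall.apply_fwd(pkt)
    return {"next_hop": next_hop, "dst_after_fwd": out.dst,
            "smtp2_result": smtp2.receive(out)}


if __name__ == "__main__":
    for capture in (False, True):
        print("capture rule on smtp2:", capture, thread_scenario(capture))
```

Without the capture rule the firewall does send the SYN toward 200.210.210.6 (so the rule counter in "ipfw show" increments), but the destination is still 200.210.210.5 and smtp2 drops it, which is the timeout the poster sees. With a matching fwd rule on smtp2 pointing at its own address the packet is delivered to the local port 25 listener.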