ipfw port forwarding

[LuKreme]

On 9-Dec-2007, at 18:49, John Musbach wrote:

> I have internet sharing enabled on one mac which is in a dmz and am
> trying to get another mac which is connected to the dmz'd mac via
> internet sharing to have traffic received by the dmz'd mac for a
> certain port to be forwarded to the connected mac...however the
> terminal command "sudo ipfw add 02110 forward 10.0.2.7 in" doesn't
> work (returns from missing but if I add "from any" after the ip I get
> a invalid syntax error regarding that statement so I don't understand
> what it wants), what am I doing wrong? Thanks!

Good luck.  I asked about this a few weeks ago and nothing that was  
suggested worked.  My situation is slightly different, but  
functionally the same.  I have a PC connected to my Mac Pro's second  
ethernet port via gigabit ethernet and want a port from the outside to  
be forwarded to the PC.  Have not been able to get this working.

I also tried running the app on my MacPro with VMWare Fusion.  That  
also did not work.

I think you have to enable IP Forwarding first, unless that has  
changed in recent OS X versions.

# sysctl -w net.inet.ip.forwarding=1

and then I think the syntax would be

# ipfw add 1000 forward localhost,800 tcp from any to 10.0.2.7 via en0

which should forward anything that comes in to port 800 on to the  
machine at 10.0.2.7, also on port 800

> P.S. Obviously the easiest solution would to dmz this mac in question
> as well right? Unfortunately the router I'm using only allows one IP
> to be in a dmz at a time

Of course, you can only have one machine in a DMZ because you only  
have one external IP address.

>

-- 
There's a race of men that don't fit in,
A race that can't stay still
So they break the hearts of kith and kin,
And they roam the world at will.