forum.lissyara.su

Код: Выделить всё

     fwd | forward ipaddr | tablearg[,port]
             Change the next-hop on matching packets to ipaddr, which can be
             an IP address or a host name.  The next hop can also be supplied
             by the last table looked up for the packet by using the tablearg
             keyword instead of an explicit address.  The search terminates if
             this rule matches.

             If ipaddr is a local address, then matching packets will be for-
             warded to port (or the port number in the packet if one is not
             specified in the rule) on the local machine.
             If ipaddr is not a local address, then the port number (if speci-
             fied) is ignored, and the packet will be forwarded to the remote
             address, using the route as found in the local routing table for
             that IP.
             A fwd rule will not match layer-2 packets (those received on
             ether_input, ether_output, or bridged).
             The fwd action does not change the contents of the packet at all.
             In particular, the destination address remains unmodified, so
             packets forwarded to another system will usually be rejected by
             that system unless there is a matching rule on that system to
             capture them.  For packets forwarded locally, the local address
             of the socket will be set to the original destination address of
             the packet.  This makes the netstat(1) entry look rather weird
             but is intended for use with transparent proxy servers.

             To enable fwd a custom kernel needs to be compiled with the
             option options IPFIREWALL_FORWARD.