Message-Id: <199910160403.MAA04005@chrysanthemum.localdomain>
To: "+ +"
Cc: freebsd-questions@FreeBSD.ORG
From: "David May, Powered by FreeBSD 2.2.6, somewhere in the Outback"
Reply-To: mayd@cygnus.uwa.edu.au
Subject: Re: port forwarding, again
In-reply-to: Your message of "Tue, 05 Oct 1999 17:15:55 MST."
Date: Sat, 16 Oct 1999 12:03:29 +0800

I sympathise with your problem as I have been in the same situation. I am a beginner at this ipfw/natd game but here are my suggestions:

1. You need more than "a single ipfw rule". In my own setup at work I needed to run natd on the firewall to do the port forwarding from the firewall to the internal host. Plus I needed to add one or two rules to rc.firewall, as you have, but watch out, the rules can have strange and unforeseen effects. Plus I needed to add a default route on the internal host pointing back to the firewall.

   There must be better ways but I could not understand the natd documentation well enough to figure out how to use it as a proxy. Be aware that this port aliasing may not work well with some protocols (ssh hated it).

2. It might help to post your question to a list where it is more visible such as freebsd-ipfw or freebsd-security.

By the way, I am using 3.2 at work but ipfw and natd on my 2.2.8 at home seem very similar.

--
David May       | mailto:mayd@cygnus.uwa.edu.au
Finger for      | finger:mayd@cygnus.uwa.edu.au
PGP Public Key  | http://cygnus.uwa.edu.au/~mayd

``We are so used to thinking in terms of the `progress' of science that it is hard for us to remember that certain matters were better understood one hundred years ago.''
Robert Hermann, in introduction to Felix Klein, Development of Mathematics in the 19th Century.
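The three steps described in the message above (natd on the firewall, ipfw rules, a default route on the internal host), written out as an added example that is not part of the original post. The interface name, addresses, port and rule numbers are assumptions, and the firewall is assumed to forward IP packets already.

```sh
#!/bin/sh
# Added example: natd port forwarding as outlined in the message above.
# Every address, interface name and rule number here is an assumption.
EXT_IF=${EXT_IF:-ed0}                # firewall's outside interface (assumed)
FW_INSIDE=${FW_INSIDE:-192.168.1.1}  # firewall's inside address (assumed)
INT_HOST=${INT_HOST:-192.168.1.10}   # internal server (assumed)
PROTO=${PROTO:-tcp}
PORT=${PORT:-80}

# Dry run by default: print each command; set APPLY=1 to execute as root.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Reject anything that is not tcp/udp with a port in 1..65535.
check_args() {
    case "$PROTO" in tcp|udp) ;; *) return 1 ;; esac
    case "$PORT" in ''|*[!0-9]*) return 1 ;; esac
    [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]
}

# Run on the firewall.
firewall_setup() {
    check_args || { echo "bad PROTO/PORT" >&2; return 1; }
    # natd rewrites the destination of packets arriving on PORT.
    run natd -interface "$EXT_IF" -redirect_port "$PROTO" "$INT_HOST:$PORT" "$PORT"
    # The divert rule must precede the filter rules, so that the allow
    # rule below sees the already-translated destination address.
    run ipfw add 50 divert natd all from any to any via "$EXT_IF"
    # Pass only the forwarded service, not all traffic to the host.
    run ipfw add 100 allow "$PROTO" from any to "$INT_HOST" "$PORT"
    run ipfw add 110 allow "$PROTO" from "$INT_HOST" "$PORT" to any
}

# Run on the internal host: replies must go back through the firewall,
# otherwise natd never sees them and cannot restore the public address.
internal_host_setup() {
    run route add default "$FW_INSIDE"
}

case "${1:-}" in
    firewall) firewall_setup ;;
    host)     internal_host_setup ;;
esac
```

Run it with `firewall` or `host` as the argument to review the commands first, then again with `APPLY=1` once the printed rules fit the existing rc.firewall numbering.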