Date: Fri, 21 Sep 2001 19:00:33 -0400
From: The Anarcat
To: freebsd-questions@freebsd.org
Subject: can't make redirect_port work in natd.conf
Message-ID: <20010921190033.A8843@shall.anarcat.dyndns.org>

Hi.

I have a NAT router set up here for my ADSL connection. I decided to enable an internal webserver and make it externally available.

For testing purposes, I tried aliasing it to 8080, so that I could test the connection and firewall rules necessary, while keeping my old webserver online.

I figured out how to make it, but it was odd.
I had to add the following rules after the rule 300 (loopback setup in default setup):

    allow tcp from any to 192.168.0.2 80 out xmit ep1 setup
    allow tcp from any to 192.168.0.2 80 in recv tun0 setup
    allow tcp from 192.168.0.2 80 to any established
    allow tcp from any to 192.168.0.2 80 established

I also had to add a

    allow tcp from any to me 80,8080 in recv tun0 setup

to allow connections to 8080. But I could place this after the divert rule...

This is odd for me, but it makes it work *for 8080*. This is with the line:

    redirect_port tcp 192.168.0.2:80 8080

in my natd.conf. If I replace this line with:

    redirect_port tcp 192.168.0.2:80 80

and restart natd, the 8080 alias is still in place! And the real alias (80 -> 80) doesn't work!!!

Maybe I just don't understand how natd and ipfw interact...

This is my natd.conf:

    su-2.05# cat natd.conf
    # logging
    log yes
    log_denied yes
    log_facility security
    # useful
    dynamic yes
    interface tun0
    use_sockets yes
    same_ports yes
    # redirect http to shall
    redirect_port tcp 192.168.0.2:80 8080
    su-2.05#

Any ideas?

A.
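
An added example, not part of the original message: a small Python parser for the redirect_port lines of a natd.conf like the one posted, reporting which outside port each line exposes, to which internal host, and what the 8080-to-80 edit changes. The names `Redirect`, `parse_redirects` and `exposure_diff` are hypothetical; the field order (proto, target, alias, optional remote) is assumed from natd(8).

```python
from typing import NamedTuple, Optional

# natd.conf as posted in the message above (copied inline, not read from disk).
POSTED_CONF = """\
# logging
log yes
log_denied yes
log_facility security
# useful
dynamic yes
interface tun0
use_sockets yes
same_ports yes
# redirect http to shall
redirect_port tcp 192.168.0.2:80 8080
"""
# The edit the message describes: alias port 8080 changed to 80.
EDITED_CONF = POSTED_CONF.replace("192.168.0.2:80 8080", "192.168.0.2:80 80")

class Redirect(NamedTuple):
    proto: str
    target: str               # internal host:port receiving the traffic
    alias_ip: Optional[str]   # None: natd's own alias address
    alias_port: str           # port exposed on the outside interface
    remote: Optional[str]     # None: any remote host may connect

def parse_redirects(conf_text):
    """Return every redirect_port directive found in natd.conf text."""
    found = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # '#' starts a comment
        if len(fields) < 4 or fields[0] != "redirect_port":
            continue
        proto, target, alias = fields[1:4]
        remote = fields[4] if len(fields) > 4 else None
        alias_ip, _, alias_port = alias.rpartition(":")
        found.append(Redirect(proto, target, alias_ip or None, alias_port, remote))
    return found

def exposure_diff(old_conf, new_conf):
    """Return (opened, closed) sets of (proto, alias_port) for an edit."""
    old = {(r.proto, r.alias_port) for r in parse_redirects(old_conf)}
    new = {(r.proto, r.alias_port) for r in parse_redirects(new_conf)}
    return new - old, old - new

if __name__ == "__main__":
    for r in parse_redirects(POSTED_CONF):
        scope = r.remote or "any remote host"
        print(f"{r.proto}/{r.alias_port} -> {r.target} (reachable from {scope})")
    print("opened, closed:", exposure_diff(POSTED_CONF, EDITED_CONF))
```

Comparing the opened and closed sets against the ipfw rule set shows which pass rules an edit to natd.conf makes necessary or stale.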