Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 28 Jan 2001 00:26:15 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        "Marius M. Rex" <marius@mail.communityconnect.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPfwd
Message-ID:  <20010128002615.T10761@rfx-216-196-73-168.users.reflex>
In-Reply-To: <Pine.BSF.4.21.0101280022390.504-100000@milux.ny.home>; from marius@mail.communityconnect.com on Sun, Jan 28, 2001 at 12:54:51AM -0500
References:  <Pine.BSF.4.21.0101280022390.504-100000@milux.ny.home>
index | next in thread | previous in thread | raw e-mail 

On Sun, Jan 28, 2001 at 12:54:51AM -0500, Marius M. Rex wrote:
> 
> I have a little home network on which I run ipfw and nat.  My significant
> other wants to participate in napster, so I wrote a firewall rule so she
> could do so.  She can now sit at her computer, connect, and download
> songs.  I have a dynamic ip address, so I wrote it thusly.
> 
>   $fwcmd add 1500 pass tcp from any to any 6699 in via ${oif}

I do not see how this is required for you to connect to Napster. You
do not need allow incoming connections on 6699/tcp for Napster as far
as know.

> But of course, no one can connect to her computer and download songs
> from her.  She has a ip address that is translated by NAT into the one ip
> address that I have, on the FreeBSD box.  An unsolicited outside
> connection is not supposed to be able to set up a connection.
> But she wants to be able to give back.  So I thought I would just forward
> that port.  She is the only one who uses Napster, it seemed fairly
> reasonable.  So I recheached with Napster, and confirmed that it should
> answer requests for downloads from 6699.  
> 
>   $fwcmd add 1501 fwd 10.0.0.3 tcp from any to any 6699
> 
> This looks to me like it should forward all traffic from port 6699 to her
> machine, 10.0.0.3.

It probably does.

>  But still no-one can download music from her.  Am I
> forwarding it wrong?

Yes. You do not want to forward the packets. You want to translate
them. natd(8) is the right tool for doing NAT. See 'redirect_port' on
the manpage.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010128002615.T10761>