Date:      Sun, 28 Jan 2001 00:26:15 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        "Marius M. Rex" <marius@mail.communityconnect.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPfwd
Message-ID:  <20010128002615.T10761@rfx-216-196-73-168.users.reflex>
In-Reply-To: <Pine.BSF.4.21.0101280022390.504-100000@milux.ny.home>; from marius@mail.communityconnect.com on Sun, Jan 28, 2001 at 12:54:51AM -0500
References:  <Pine.BSF.4.21.0101280022390.504-100000@milux.ny.home>

On Sun, Jan 28, 2001 at 12:54:51AM -0500, Marius M. Rex wrote:
> 
> I have a little home network on which I run ipfw and nat.  My significant
> other wants to participate in napster, so I wrote a firewall rule so she
> could do so.  She can now sit at her computer, connect, and download
> songs.  I have a dynamic ip address, so I wrote it thusly.
> 
>   $fwcmd add 1500 pass tcp from any to any 6699 in via ${oif}

I do not see how this is required for you to connect to Napster. You
do not need to allow incoming connections on 6699/tcp for Napster as far
as I know.

> But of course, no one can connect to her computer and download songs
> from her.  She has an ip address that is translated by NAT into the one ip
> address that I have, on the FreeBSD box.  An unsolicited outside
> connection is not supposed to be able to set up a connection.
> But she wants to be able to give back.  So I thought I would just forward
> that port.  She is the only one who uses Napster, it seemed fairly
> reasonable.  So I rechecked with Napster, and confirmed that it should
> answer requests for downloads from 6699.  
> 
>   $fwcmd add 1501 fwd 10.0.0.3 tcp from any to any 6699
> 
> This looks to me like it should forward all traffic from port 6699 to her
> machine, 10.0.0.3.

It probably does.

>  But still no-one can download music from her.  Am I
> forwarding it wrong?

Yes. You do not want to forward the packets. You want to translate
them. natd(8) is the right tool for doing NAT. See 'redirect_port' on
the manpage.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
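
The translation approach named in the reply, as an added example that is not part of the original thread: `ipfw fwd` only changes the next hop and leaves the destination address untouched, whereas natd's `redirect_port` rewrites the destination to 10.0.0.3 before the packet is passed on. The interface name `ed0`, rule number 1400 and the dry-run `fwcmd` are assumptions; the `fwd` rule 1501 from the question is dropped and rule 1500 is narrowed to the translated address.

```sh
#!/bin/sh
# Added example (not from the thread). Dry run: prints the commands
# instead of loading them. Set fwcmd to the real ipfw binary to apply.
oif="ed0"              # assumed name of the outside interface
inside_host="10.0.0.3" # inside machine, from the thread
port=6699              # Napster transfer port, from the thread
fwcmd="echo ipfw"      # assumption: dry-run wrapper

# Arguments for natd(8). -redirect_port takes:
#   proto targetIP:targetPORT aliasPORT
# -dynamic makes natd follow address changes on the interface,
# which matters here because the outside address is dynamic.
natd_args() {
    echo "-interface ${oif} -dynamic -redirect_port tcp ${inside_host}:${port} ${port}"
}

napster_rules() {
    # Hand everything crossing the outside interface to natd. Inbound
    # packets for port 6699 come back with dst rewritten to the inside host.
    ${fwcmd} add 1400 divert natd all from any to any via "${oif}"
    # Processing resumes after the divert rule, so match the translated
    # destination and permit only that host and port, not "any 6699".
    ${fwcmd} add 1500 pass tcp from any to "${inside_host}" "${port}" in via "${oif}"
}

echo "natd $(natd_args)"
napster_rules
```

The redirect exposes one inside host on one port to the Internet, so the pass rule is kept as narrow as the translation itself.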

