From owner-freebsd-questions Sun Jan 28 0:26:34 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 2DDF037B698 for ; Sun, 28 Jan 2001 00:26:17 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Sun, 28 Jan 2001 00:24:22 -0800
Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f0S8QHG86524; Sun, 28 Jan 2001 00:26:17 -0800 (PST) (envelope-from cjc)
Date: Sun, 28 Jan 2001 00:26:15 -0800
From: "Crist J. Clark"
To: "Marius M. Rex"
Cc: questions@FreeBSD.ORG
Subject: Re: IPfwd
Message-ID: <20010128002615.T10761@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from marius@mail.communityconnect.com on Sun, Jan 28, 2001 at 12:54:51AM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Jan 28, 2001 at 12:54:51AM -0500, Marius M. Rex wrote:
>
> I have a little home network on which I run ipfw and nat. My significant
> other wants to participate in napster, so I wrote a firewall rule so she
> could do so. She can now sit at her computer, connect, and download
> songs. I have a dynamic ip address, so I wrote it thusly.
>
> $fwcmd add 1500 pass tcp from any to any 6699 in via ${oif}

I do not see how this is required for you to connect to Napster. You
do not need to allow incoming connections on 6699/tcp for Napster as
far as I know.

> But of course, no one can connect to her computer and download songs
> from her. She has an ip address that is translated by NAT into the one ip
> address that I have, on the FreeBSD box. An unsolicited outside
> connection is not supposed to be able to set up a connection.
> But she wants to be able to give back. So I thought I would just forward
> that port. She is the only one who uses Napster, it seemed fairly
> reasonable. So I researched with Napster, and confirmed that it should
> answer requests for downloads from 6699.
>
> $fwcmd add 1501 fwd 10.0.0.3 tcp from any to any 6699
>
> This looks to me like it should forward all traffic from port 6699 to her
> machine, 10.0.0.3.

It probably does.

> But still no-one can download music from her. Am I
> forwarding it wrong?

Yes. You do not want to forward the packets. You want to translate
them. natd(8) is the right tool for doing NAT. See 'redirect_port' on
the manpage.

--
Crist J. Clark                           cjclark@alum.mit.edu
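
The `redirect_port` setup the reply points to, written out as an added example that is not part of either message. The config file path, the interface name `ed0` and the divert rule number are assumptions; the address 10.0.0.3 and port 6699 come from the thread.

```conf
# /etc/natd.conf  (assumed path; natd reads it when started with -f)

# Outside interface. "ed0" is a placeholder for whatever ${oif} names.
interface ed0

# The outside address is dynamic, so let natd follow address changes.
dynamic yes

# Inbound TCP to port 6699 on the outside address is rewritten to
# 10.0.0.3:6699. Unlike "ipfw fwd", which only changes the next hop and
# leaves the destination address untouched, this rewrites the packet so
# the inside host sees traffic addressed to itself and replies are
# translated back on the way out.
redirect_port tcp 10.0.0.3:6699 6699

# Matching ipfw side (rc.firewall style, shown as comments):
#
#   Packets must pass through natd before the filter rules see them,
#   so the divert rule needs a lower number than rule 1500
#   (50 is an assumed number):
#     $fwcmd add 50 divert natd all from any to any via ${oif}
#
#   After translation the destination is 10.0.0.3, so the pass rule
#   can be narrowed from "to any" to the one inside host:
#     $fwcmd add 1500 pass tcp from any to 10.0.0.3 6699 in via ${oif}
#
#   Rule 1501 (fwd 10.0.0.3 ...) is no longer needed and can be removed.
```

Only the one redirected port becomes reachable from outside; every other unsolicited inbound connection is still handled by the existing rules.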