Date: Wed, 25 Sep 2002 09:41:44 +0200
From: "Juraj Petrik" <juro@software602.sk>
To: <freebsd-security@freebsd.org>
Cc: <freebsd-ipfw@freebsd.org>
Subject: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
Message-ID: <002201c26467$1fdf9270$7a01a8c0@pcjuro>

hello,

can you help me, please? I'm trying to run a firewall using IPFilter, IPNAT
and Dummynet on FreeBSD. I have read so many HOWTOs, but I can't do
redirection to another server in the internal network:

    rl0 - WAN (194.x.x.0/24)    194.x.x.22   if FreeBSD box
    rl1 - LAN (192.168.1.0/24)  192.168.1.22 if FreeBSD box
    rl2 - DMZ (10.0.0.0/24)     10.0.0.22    if FreeBSD box

My server is now on the LAN, not on the DMZ.
I'm using FreeBSD 4.7 prerelease from CVS.

In the kernel config I have added:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=30
    options IPFIREWALL_FORWARD
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT
    options DUMMYNET
    options IPFILTER
    options IPFILTER_LOG
    options IPFILTER_DEFAULT_BLOCK
    options RANDOM_IP_ID

In /etc/rc.conf I have:

    tcp_extensions="YES"
    gateway_enable="YES"
    portmap_enable="NO"
    #firewall_enable="YES"
    #firewall_type="/etc/dummynet.conf"
    #firewall_logging="NO"
    ipfilter_enable="YES"
    ipfilter_flags=""
    ipfilter_rules="/etc/ipf.conf"
    ipnat_enable="YES"
    ipnat_flags=""
    ipnat_rules="/etc/ipnat.conf"
    ipmon_enable="YES"
    ipmon_flags="-Dns -l block"

In /etc/ipf.conf:

    pass in log all
    pass out log all

In /etc/ipnat.conf:

    map rl0 192.168.1.0/24 -> 194.x.x.22/32
    map rl0 0/0 -> 194.x.x.22/32 proxy port ftp ftp/tcp
    map rl0 192.168.1.0/24 -> 194.x.x.22/32 portmap tcp/udp 12500:60000
    map rl0 192.168.1.0/24 -> 194.x.x.22/32
    rdr rl0 194.x.x.22/32 port 80 -> 192.168.1.35 port 80
    rdr rl0 194.x.x.22/32 port 22 -> 192.168.1.35 port 22

NAT from the LAN to the Internet works OK, but from the Internet I can't
redirect a connection to the server on the LAN (192.168.1.35).

Please help me ANYBODY!!!!

-jp-