From: "SigmaX asdf"
To: freebsd-stable@freebsd.org
Date: Sun, 20 Aug 2006 02:12:00 -0400
Subject: Re: Port forwarding with IPFW/NATD [SOLVED]

Spoke too soon; figured it out not a minute later. It seems to work if I remove the divert rule for my server (10.0.0.2) from ipfw, and leave the natd parameter.

SigmaX

On 8/20/06, SigmaX asdf wrote:
> I've set up a firewall box with IPFW and NATD with what the handbook
> had to offer on the subject, and now would like to get traffic
> forwarded to behind my shmancy new firewall.
>
> Google is purely confusing me on this one. From what I understand I
> need to do one or more of the following:
>
> set up a divert rule for ipfw
> set up a fwd rule for ipfw
> set up a redirect_port rule for natd
> compile forwarding support into my kernel
>
> Somehow I doubt it's all of the above. What am I supposed to do to
> allow port forwarding?
>
> Thanx for any pointers,
> SigmaX
>
> > # ipfw list
> > 00010 divert 8668 tcp from any to 10.0.0.2 dst-port 80
> > 00050 divert 8668 ip4 from any to any via rl0
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 00300 deny ip from 127.0.0.0/8 to any
> > 65000 allow ip from any to any
> > 65535 deny ip from any to any
> >
> > Semi-relevant rc.conf options:
> >
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_type="open"
> > natd_enable="YES"
> > natd_interface="rl0"
> > natd_flags="-dynamic -m -f /etc/natd.conf"
> > ipfw_enable="YES"
> >
> > natd.conf:
> >
> > redirect_port tcp 10.0.0.2:80 80