Date: Tue, 5 Oct 1999 21:30:02 -0400 (EDT)
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: uvatha@my-Deja.com (+ +)
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: port forwarding, again
Message-ID: <199910060130.VAA13971@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <DEDLKBGMAHLDBAAA@my-deja.com> from + + at "Oct 5, 1999 05:15:55 pm"

+ + wrote,
> Hi all,
>
> I posted this question last week in the form of "Can
> I do port forwarding with 2.2.7?"

Yes, but not with ipfw(8) alone.

> I'm going to post
> again in the form of, "Can I do it at all?", because
> I'm against a brick wall here. (No one replied to my
> post; I'm hoping I didn't phrase the question right.)

Dunno. What often happens is no one has an exact answer, so they leave
it for someone who does. No one seemed to offer one, so I'll offer
what little info I have.

> All I need to do is forward TCP packets that arrive at
> my firewall (running FreeBSD 2.2.7) on a certain port
> (let's say 4000) to the same port on a machine on my
> local network. It seems that I should be able to do
> this by adding a single ipfw rule to my rc.firewall.

Not in 2.2.x you can't (if my 2.2.8-STABLE system docs are
correct). However, is there a reason you can't poke a hole in the
firewall at 4000 to let packets pass? That can get the same job done.

> However, the ipfw man page is cryptic and offers no
> examples for my situation. Nor do any of the archives
> for this list seem to tackle this exact problem.

People do ask this a lot. The proper tool for doing this is
natd(8). Think about it, network address translation is really what
you are trying to do here. You want a machine behind the firewall/natd
box to have its address translated. You would use a "divert" rule in
ipfw(8) to pass traffic of interest to natd(8), which can then
forward the packets as you want.

> I *really* need to get this running, hopefully soon,
> and with a minimum of fuss. My order of fallbacks,
> then, will be:
>
> 1) Learn how to do it with 2.2.7 and ipfw. I was
> hoping this would be easy.

Just need to figure out the ipfw(8)-natd(8) combo to do it.

> 2) Learn that I need a newer version of FreeBSD and
> do some sort of painful upgrade. (The machine is not
> really in any shape to do a "make world",
> unfortunately, and it does not have a CD-ROM drive
> anymore.)

FreeBSD 3.x has a "fwd" action in ipfw(8). However, unless the host
receiving the packet is pretty smart, this probably will not work the
way you would want. The "fwd" rule _does not alter the packet_ it
forwards; it does not do NATd. The "fwd" mechanism is aimed more
towards proxying applications running on localhost.

> 3) Learn that I cannot do it with FreeBSD. Wipe the
> hard drive, install Linux, and do it with ipchains.
> I'd rather not do this.

If you know how to do it and are comfortable with ipchains... I may
incur the wrath of some on the list, but if it must get done, get it
done however you know how.
-- 
Crist J. Clark                           cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
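
The ipfw(8)-natd(8) combination described in the message, as an added dry-run example that is not part of the original post: the function validates its arguments and prints the natd redirect and the ipfw divert rule instead of running them. The interface name, internal address, rule number, divert port and remote peer are assumed values, and a kernel built with `options IPDIVERT` is assumed.

```sh
#!/bin/sh
# Added example: prints, and does not execute, the natd(8)/ipfw(8) commands
# for forwarding one TCP port to an internal host through a divert rule.
# Assumed values (not from the original message): interface ed0, internal
# host 192.168.1.10, rule number 100, divert port 8668, peer 203.0.113.7.

DIVERT_PORT=8668   # assumed; passed to natd -port and to the ipfw divert rule
RULE_NUM=100       # assumed; must precede rules that would accept the traffic

# portfwd_plan IFACE TARGET_IP PORT [REMOTE_IP]
portfwd_plan() {
    iface=$1 target=$2 port=$3 remote=${4:-}

    # Port must be a decimal number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Prefix check only: the target should be a private (RFC 1918) address
    # behind the NAT box, not a routable one.
    case $target in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) echo "target is not RFC 1918: $target" >&2; return 1 ;;
    esac

    # natd rewrites the destination of packets arriving on PORT to
    # TARGET_IP:PORT. A trailing REMOTE_IP limits the redirect to that peer.
    echo "natd -port $DIVERT_PORT -interface $iface -redirect_port tcp $target:$port $port${remote:+ $remote}"

    # ipfw hands traffic crossing the outside interface to natd's divert socket.
    echo "ipfw add $RULE_NUM divert $DIVERT_PORT all from any to any via $iface"
}

# Print the plan for the constructed values above.
portfwd_plan ed0 192.168.1.10 4000 203.0.113.7
```

Leaving off the fourth argument forwards the port for any source address, so the remaining ipfw rules then decide who can reach the internal host.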