Date:      Tue, 05 Oct 1999 19:42:42 -0700
From:      "+ +" <uvatha@my-Deja.com>
To:        freebsd-questions@freebsd.org
Cc:        cjc@cc942873-a.ewndsr1.nj.home.com
Subject:   Re: port forwarding, again
Message-ID:  <CFKKIIDBDHDEBAAA@my-deja.com>

I said:
> All I need to do is forward TCP packets that arrive at
> my firewall (running FreeBSD 2.2.7) on a certain port
> (let's say 4000) to the same port on a machine on my
> local network.  It seems that I should be able to do
> this by adding a single ipfw rule to my rc.firewall.

Crist said:
> Not in 2.2.x you can't (if my 2.2.8-STABLE system
> docs are correct). However, is there a reason you
> can't poke a hole in the firewall at 4000 to let
> packets pass?

It's a masqueraded network, so the internal addresses
(10.x.x.x) are not accessible to the outside world,
firewall or not.

Crist also said:
> People do ask this a lot. The proper tool for doing
> this is natd(8). Think about it, network address
> translation is really what you are trying to do here.
> You want a machine behind the firewall/natd
> box to have its address translated. You would use a
> "divert" rule in ipfw(8) to pass traffic of interest
> to natd(8) which can then

Ah-HA!  That is indeed a very good pointer.

From the natd man page:

-redirect_port linkspec
   Redirect incoming connections arriving to given port
   to another host and port.  Linkspec is of the form

   proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]

where proto is either tcp or udp, targetIP is the
desired target IP number, targetPORT is the desired
target PORT number, aliasPORT is the requested PORT
number and aliasIP is the aliasing address.  RemoteIP
and remotePORT can be used to specify the connection
more accurately if necessary.  For example, the
argument

        tcp inside1:telnet 6666

means that tcp packets destined for port 6666 on this
machine will be sent to the telnet port on the inside1
machine.


Sounds like just what I wanted.  However, executing:

killall natd
natd -u -m -n fxp0 -redirect_port tcp 10.0.0.6:4000 4000

did not seem to have the desired effect.  (No errors were reported, it just doesn't seem to be doing the port forward.)

Any more thoughts?





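As an added illustration (not part of the thread), the rc.firewall fragment that Crist's advice implies: natd only rewrites packets that ipfw hands to it through a divert rule, so the -redirect_port invocation is paired with that rule here. It assumes fxp0 is the outside interface and 10.0.0.6 the inside host (both from the post), a kernel built with IPDIVERT, numeric ports only, and that the rest of the ruleset is unchanged.

```shell
#!/bin/sh
# Added example: generate the ipfw/natd lines for a -redirect_port
# setup. Assumptions: fxp0 is the outside interface, 10.0.0.6 the
# inside host (from the post), kernel has IPDIVERT, ports are numeric.

# Check the pieces the natd(8) linkspec grammar requires: proto must
# be tcp or udp, and (in this example) the port a number in 1..65535.
check_linkspec() {
    case "$2" in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1 ;; esac
    case "$4" in *[!0-9]*|"") echo "port must be numeric" >&2; return 1 ;; esac
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || { echo "port out of range" >&2; return 1; }
}

# Print, in order: the forwarding sysctl, the divert rule (it must come
# before any rule that would drop the packet), an allow rule for the
# translated packet, and the natd invocation carrying the redirect.
natd_redirect_rules() {
    iface=$1 proto=$2 target=$3 port=$4
    check_linkspec "$iface" "$proto" "$target" "$port" || return 1
    printf 'sysctl -w net.inet.ip.forwarding=1\n'
    printf 'ipfw add 50 divert natd all from any to any via %s\n' "$iface"
    # After natd rewrites the destination, the packet re-enters ipfw at
    # the next rule addressed to the inside host, so allow it explicitly.
    printf 'ipfw add 60 allow %s from any to %s %s in via %s\n' \
        "$proto" "$target" "$port" "$iface"
    printf 'natd -u -m -n %s -redirect_port %s %s:%s %s\n' \
        "$iface" "$proto" "$target" "$port" "$port"
}

natd_redirect_rules fxp0 tcp 10.0.0.6 4000
```

Without the divert rule natd never sees the packets, which is why starting natd on its own produces no errors and no translation.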