Date:      Tue, 7 Oct 2003 16:07:21 -0700
From:      "Drew Tomlinson" <drew@mykitchentable.net>
To:        "Tech Support" <tech@bennymid.com>, "freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   Re: Gateway / Port redirection 
Message-ID:  <004901c38d27$c3dfc950$65166ba5@lc.ca.gov>
References:  <5E833948-F8F3-11D7-8478-000A95A05832@skilltreeconsulting.com><012401c38d07$76b95210$e400a8c0@ape> <06b101c38d0f$97710c20$0a00a8c0@a>

----- Original Message ----- 
From: "Tech Support" <tech@bennymid.com>
To: "freebsd-questions" <freebsd-questions@freebsd.org>
Sent: Tuesday, October 07, 2003 1:14 PM

> Background
>
> I am currently running FreeBSD 4.8 on a box as
> a) a gateway for the house for internet access on dialup permanent IP

...

> i )  port Sentry

Is this your firewall?

> I need to run a couple of programs inside the lan where ports are
> directed to them from outside  the lan  eg all the above services are
> located on the Bsd box ( 192.168.x.x ) and i need to direct port 5060
> to 192.168.0.7 ( for arguments sake )

...

> a) is this overkill ( is there an EASIER way to do what I want ( port
> redirecting ) ( bearing in mind that although the lights are on in the
> attic they are at times low wattage :-)  )
>
> b ) WHAT do I need to change on my BSD box ( rc.conf  etc ) to make it
> work the way described ? Remembering that this is only temporary .

If you use ipfw that's available with the base system (you have to add
an option to your kernel config to enable), then you get a very
configurable firewall with the ability to port forward.  If all you
wanted to do is forward traffic on a few ports and leave everything else
wide open, your rule set would be as simple as:

ipfw add fwd 192.168.0.7 from any 5060 to me
ipfw add allow from any to any

Of course I recommend that you do not leave your system wide open but if
Port Sentry is already filtering your traffic to your liking, you can
just use the forwarding feature of ipfw.  See man ipfw and the handbook
for more info.

Note:  The above assumes that ipfw sees a dial-up interface just like
any other network interface.  I've never used dial-up but have had no
problems using ipfw to forward packets with regular Ethernet interfaces.
YMMV.

HTH,

Drew
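
Added example, not part of the message above: a sh/awk check over an `ipfw list`-style listing that reports every fwd rule and flags an unrestricted `allow ip from any to any`, the wide-open state the reply recommends against. The sample rules, the tcp protocol in them, and the function names `sample_rules` and `audit_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a rule listing in the `ipfw list` layout:
#   <rule number> <action> [<fwd target>] <proto> from <src> to <dst> [ports]

# Constructed sample listing (not taken from any real host).
sample_rules() {
cat <<'EOF'
00100 fwd 192.168.0.7 tcp from any to me 5060
00200 allow ip from any to any
65535 deny ip from any to any
EOF
}

# audit_rules: read a listing on stdin and print one finding per line.
#   FWD <rule> <target> <match spec>   for each forwarding rule
#   OPEN <rule>                        for each unrestricted allow rule
audit_rules() {
    awk '
    $2 == "fwd" {
        # Everything after the target is the match specification.
        spec = ""
        for (i = 4; i <= NF; i++) spec = spec (i > 4 ? " " : "") $i
        print "FWD", $1, $3, spec
        next
    }
    # Exactly "allow ip|all from any to any" with no ports, interface
    # or other options: every packet reaching this rule is accepted.
    $2 == "allow" && ($3 == "ip" || $3 == "all") &&
    $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" && NF == 7 {
        print "OPEN", $1
    }
    '
}

# Stand-alone run over the constructed sample.
sample_rules | audit_rules
```

On a live gateway the same function can be fed the output of `ipfw list` instead of the sample.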


