From: "Drew Tomlinson"
To: "Tech Support", "freebsd-questions"
Date: Tue, 7 Oct 2003 16:07:21 -0700
Subject: Re: Gateway / Port redirection

----- Original Message -----
From: "Tech Support"
To: "freebsd-questions"
Sent: Tuesday, October 07, 2003 1:14 PM

> Background
>
> I am currently running FreeBSD 4.8 on a box as
> a) a gateway for the house for internet access on dialup permanent IP
...
> i ) port Sentry

Is this your firewall?

> I need to run a couple of programs inside the LAN where ports are
> directed to them from outside the LAN, e.g. all the above services are
> located on the BSD box ( 192.168.x.x ) and I need to direct port 5060
> to 192.168.0.7 ( for argument's sake )
...
> a) is this overkill ( is there an EASIER way to do what I want ( port
> redirecting ) ( bearing in mind that although the lights are on in the
> attic they are at times low wattage :-) )
>
> b ) WHAT do I need to change on my BSD box ( rc.conf etc ) to make it
> work the way described ? Remembering that this is only temporary .

If you use ipfw that's available with the base system (you have to add
an option to your kernel config to enable it), then you get a very
configurable firewall with the ability to port forward. If all you
wanted to do is forward traffic on a few ports and leave everything else
wide open, your rule set would be as simple as:

    ipfw add fwd 192.168.0.7 from any 5060 to me
    ipfw add allow from any to any

Of course I recommend that you do not leave your system wide open, but if
Port Sentry is already filtering your traffic to your liking, you can
just use the forwarding feature of ipfw. See man ipfw and the handbook
for more info.

Note: The above assumes that ipfw sees a dial-up interface just like any
other network interface. I've never used dial-up but have had no
problems using ipfw to forward packets with regular Ethernet interfaces.
YMMV.

HTH,

Drew
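
An added example, not part of the original message: a dry-run sh function that prints the two rules from the reply with an explicit protocol and the port matched on the destination side, after validating the target address and port. The function names, the rule numbers 1000 and 65000 and the udp default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints ipfw commands for review; it never runs ipfw itself.
# Hypothetical names: valid_ipv4, forward_rules. Rule numbers are assumptions.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# forward_rules TARGET PORT [PROTO]: print the rule set, one command per line.
forward_rules() {
    target=$1 port=$2
    proto=${3:-udp}   # assumption: the thread does not name a protocol
    valid_ipv4 "$target" || { echo "bad target address: $target" >&2; return 1; }
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    # Match the port on the destination side ("to me PORT"): inbound traffic
    # arrives at that port, while its source port is arbitrary.
    # Per ipfw(8), fwd only changes the next hop and leaves the destination
    # address as it is, so TARGET must accept packets addressed to the gateway.
    echo "ipfw add 1000 fwd $target $proto from any to me $port"
    # Same catch-all as in the message; narrow it unless another filter is
    # already in front of this host.
    echo "ipfw add 65000 allow ip from any to any"
}

# Values from the thread: forward port 5060 to 192.168.0.7.
forward_rules 192.168.0.7 5060
```

Review the printed commands, then pipe them to sh as root on the gateway once they look right.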