From owner-freebsd-net Sat Sep 15 14:38: 5 2001
Delivered-To: freebsd-net@freebsd.org
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4])
	by hub.freebsd.org (Postfix) with ESMTP id 87D9537B401
	for ; Sat, 15 Sep 2001 14:38:01 -0700 (PDT)
Received: from chimp.simianscience.com (cage.simianscience.com [64.7.134.1])
	by smtp1.sentex.ca (8.11.6/8.11.6) with SMTP id f8FLadT13636;
	Sat, 15 Sep 2001 17:36:39 -0400 (EDT)
	(envelope-from mike@sentex.net)
From: Mike Tancsa
To: ml@db.nexgen.com ("alexus")
Cc: freebsd-net@freebsd.org
Subject: Re: port forwarding through natd and/or ipfw
Date: Sat, 15 Sep 2001 17:36:39 -0400
Message-ID: <08i7qt07tvms7vedjvrnelbvjarfqdjv7r@4ax.com>
X-Mailer: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 12 Sep 2001 15:45:40 -0400, in sentex.lists.freebsd.net you wrote:

>Hi
>
>My goal is to access my Windows XP workstation that is behind N.A.T. FreeBSD
>box's firewall
>my public ip address is 66.92.98.145 and internal ip is 192.168.0.13 port
>that my XP workstation listens on is 3389r
>
>00333 6 288 fwd 66.92.98.145,3389 tcp from any to 192.168.0.13
>3389
>
>I *did* enable firewall in kernel
>
>su-2.05# grep FIREWALL box
>options IPFIREWALL #firewall
>options IPFIREWALL_VERBOSE #print information about
>options IPFIREWALL_VERBOSE_LIMIT=10 #limit verbosity
>options IPFIREWALL_FORWARD #enable transparent proxy support
>su-2.05#

I think you want DIVERT in there as well. In /etc/natd.conf (or where you
keep your rules), you want

redirect_port tcp 192.168.0.13:3389 66.92.98.145:3389

Get rid of the 333 fwd rule. Make sure there is the regular divert rule as
well that you get when you say YES to in /etc/rc.conf for natd.

	---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp,
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers
could setup a national IP network." (KDW2)
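
The checklist in the reply above, written as a small offline check (an added example, not part of the original message or of FreeBSD). It assumes the kernel option is spelled `IPDIVERT`, that rc.conf uses `natd_enable`, and that the divert rule shows up in the ipfw listing as `divert natd` or `divert 8668`; the function name, `fxp0`, rule 50 and the "after" samples are constructed.

```python
import re

def check_natd_forward(kernel_conf, rc_conf, natd_conf, ipfw_rules):
    """Return the problems that would keep a natd redirect_port from working."""
    problems = []
    opts = set(re.findall(r"^\s*options\s+(\w+)", kernel_conf, re.M))
    for needed in ("IPFIREWALL", "IPDIVERT"):  # IPDIVERT: assumed option name
        if needed not in opts:
            problems.append(f"kernel: options {needed} missing")
    if not re.search(r'^\s*natd_enable\s*=\s*"?YES"?', rc_conf, re.M | re.I):
        problems.append("rc.conf: natd_enable is not YES")
    # Capture the target port and the alias (public) port of each redirect.
    redirects = re.findall(
        r"^\s*redirect_port\s+(?:tcp|udp)\s+\S+:(\d+)\s+(?:\S+:)?(\d+)",
        natd_conf, re.M)
    if not redirects:
        problems.append("natd.conf: no redirect_port line")
    ports = {p for pair in redirects for p in pair}
    rules = [re.split(r"[\s,]+", l.strip())
             for l in ipfw_rules.splitlines() if l.strip()]
    # natd only sees packets that a divert rule hands to it (default port 8668).
    if not any(a == "divert" and b in ("natd", "8668")
               for r in rules for a, b in zip(r, r[1:])):
        problems.append("ipfw: no divert rule for natd")
    # The reply says to drop the fwd rule once redirect_port does the job.
    for r in rules:
        if "fwd" in r and ports & set(r[r.index("fwd"):]):
            problems.append(f"ipfw: remove fwd rule {r[0]}")
    return problems

# Constructed samples: the "before" values mirror the thread, the rest is made up.
KERNEL_BEFORE = """options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_FORWARD
"""
IPFW_BEFORE = "00333 6 288 fwd 66.92.98.145,3389 tcp from any to 192.168.0.13 3389\n"
NATD_CONF = "redirect_port tcp 192.168.0.13:3389 66.92.98.145:3389\n"
RC_CONF = 'natd_enable="YES"\nnatd_interface="fxp0"\n'
KERNEL_AFTER = KERNEL_BEFORE + "options IPDIVERT\n"
IPFW_AFTER = "00050 divert 8668 ip from any to any via fxp0\n"

if __name__ == "__main__":
    for p in check_natd_forward(KERNEL_BEFORE, "", NATD_CONF, IPFW_BEFORE):
        print("FAIL", p)
    print(check_natd_forward(KERNEL_AFTER, RC_CONF, NATD_CONF, IPFW_AFTER) or "OK")
```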