Date: Tue, 14 May 2002 11:06:46 -0400 From: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com> To: "Vladimir Terziev" <vlady@rila.bg> Cc: <freebsd-security@freebsd.org> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Message-ID: <032101c1fb58$fc090d30$c801a8c0@vsivyoung> References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <20020514175742.2acc6f7a.vlady@rila.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
> Redirection is made by ipfw or by natd? > > > On Tue, 14 May 2002 10:52:12 -0400 > "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com> wrote: > > > Hi Guys! > > > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > > > xl0 - external interface > > xl1 - internal interface > > > > ipfw and natd + port_redirect works just fine! > > > > My problem is that when someone from the internal network > > is trying to hit external_IP:redirected_port, the redirection > > is not working for him - connection refused. > > It works only for host from outside (Internet). > > > > For simplicity lets assume that the firewall type is *open*. > > > > What rules to ipfw or natd I need in order to permit > > the port redirection to works for the internal hosts, also? > > > > I RTFM, I search the archives but I didn't found a clear > > answer to that situation. > > > > This is common problem to the corporate servers behind > > firewalls_with_natd_and_redirected_port and probably deserve > > to be into FreeBSD handbook - otherwise, good documentation! > > > > There is some security concerns *is port_redirection a good idea > > at all*, but that's it I need this working - don't ask why ;-) > > > > Thanks in advance! > > > > --Miro > > By natd in rc.conf : natd_flags="-redirect_port tcp 192.168.1.100:21 21" --Miro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?032101c1fb58$fc090d30$c801a8c0>