From: Ian Hunter
To: "'freebsd-questions@FreeBSD.ORG'"
Subject: Setting up firewall and letting thro' special services
Date: Wed, 26 Apr 2000 11:14:47 +0100

Hi Folks,

I've managed to set up a server with a firewall and running NATD, so I'm feeling slightly smug. Thanks to those who provided me with pointers.

However, the reason for running natd is to allow external access to an internal service not on the FBSD box and this is not working. Could somebody just confirm that my understanding of how this should work is correct....

My rc.conf contains the following.....

    natd_enable="YES"                           # Enable natd (if firewall_enable == YES).
    natd_interface="tun0"                       # Public interface to use with natd.
    natd_flags="-dynamic -f /etc/natd.rules"    # Additional flags for natd.

and /etc/natd.rules contains.....

    redirect_port udp :

[ is a wintel box behind my FBSD machine listening on

Now, my *belief* is that when I present a request from outside to the FBSD on , natd translates the packets such as to set the destination as , the source as the fbsd machine and then presents to the firewall which duly passes to . natd somehow remembers this so as to translate replies back to the outside.

So, I should be able to connect to this service from outside transparently.

Any comments or suggestions much appreciated.

Thanks

Ian Hunter