Date: Thu, 7 Aug 2003 04:33:43 +0200
From: Clement Laforet
To: boxend@swbell.net
cc: freebsd-questions@freebsd.org
Subject: Re: ipfw natd forward port 80

On Wed, 06 Aug 2003 21:28:19 -0700
boxend@swbell.net wrote:

>
> I want to forward port 80 from an outside ip to an internal ip of
> 192.168.1.150 dc1 is tun0 pppoe / dc0 is lan
> I have read what seems like 5 diff ways to do this but the only
> result has been to lock myself out of the computer.
> What have I missed.
> rc.conf settings
> firewall_enable="YES"
> firewall_script="/etc/firewall/fwrules"
> firewall_quiet="YES"
> firewall_logging_enable="YES"
> #log_in_vain="YES"
> tcp_drop_synfin="NO"
> tcp_restrict_rst="NO"
> icmp_drop_redirect="YES"
> natd_enable="YES"
> natd_interface="tun0"
> natd_flags="-dynamic"
> gateway_enable="YES"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_profile="default"

seems to be good.

> ipfw show
> 00050 fwd 192.168.1.150,80 tcp from any to 192.168.1.150 in via tun0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ = BAD

use this
natd_flags="-dynamic -redirect_port tcp 192.168.1.150:80 80"
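
An offline check for the points in the reply above, added here as an example and not part of the original message: natd(8) documents -redirect_port as taking the protocol (tcp or udp) before the target, ipfw's fwd action selects a next hop without rewriting the destination address, and natd only sees packets that a divert rule hands to it. The function names, the second ruleset and its rule numbers are assumptions for illustration.

```shell
#!/bin/sh
# Added example: offline lint for a natd/ipfw port forward. Inputs are plain
# text (an rc.conf natd_flags value and `ipfw show` output), so neither tool
# needs to be installed. Function names are made up for this example.

# check_natd_flags "<natd_flags value>"
# natd(8): -redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
check_natd_flags() {
    set -f; set -- $1; set +f      # split into words, no globbing
    while [ $# -gt 0 ]; do
        if [ "$1" = "-redirect_port" ]; then
            case "${2:-}" in
                tcp|udp) echo "ok"; return 0 ;;
                *) echo "redirect_port: missing proto (tcp|udp)"; return 1 ;;
            esac
        fi
        shift
    done
    echo "no redirect_port"; return 1
}

# check_rules <external_if> <internal_ip>   (ruleset text on stdin)
check_rules() {
    awk -v ifc="$1" -v ip="$2" '
        # fwd only picks a next hop; the destination address is not rewritten
        index($0, " fwd " ip) && index($0, "via " ifc) {
            print "fwd used as port forward: rule " $1; bad = 1
        }
        # natd only sees packets that a divert rule hands to it
        index($0, " divert ") && index($0, "via " ifc) { divert = 1 }
        END {
            if (!divert) { print "no divert rule via " ifc; bad = 1 }
            exit bad
        }'
}

# Demo. The first ruleset is the rule quoted in the thread; the second ruleset
# and the rule numbers in it are constructed for illustration.
check_natd_flags '-dynamic -redirect_port tcp 192.168.1.150:80 80' || true
printf '%s\n' \
    '00050 fwd 192.168.1.150,80 tcp from any to 192.168.1.150 in via tun0' |
    check_rules tun0 192.168.1.150 || true
printf '%s\n' \
    '00050 divert 8668 ip from any to any via tun0' \
    '00100 allow tcp from any to 192.168.1.150 dst-port 80' |
    check_rules tun0 192.168.1.150 && echo "ruleset ok"
```

With a custom firewall_script the divert rule is not added for you, which is why the ruleset check looks for it.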