From owner-freebsd-questions Thu May 16 2:30:19 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from brutele.be (212.68.218.22.brutele.be [212.68.218.22])
    by hub.freebsd.org (Postfix) with SMTP id 69DF537B400
    for ; Thu, 16 May 2002 02:28:25 -0700 (PDT)
Subject: ipf/ipnat question
To: FreeBSD Questions
From: Oli
Reply-To: oli@blacktrap.net
X-Mailer: My fingers and my keyboard v1.0b ;-)
Message-Id: <20020516092825.69DF537B400@hub.freebsd.org>
Date: Thu, 16 May 2002 02:28:25 -0700 (PDT)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

I have ipf active as firewall on my internet gateway, with ipnat for the address translation. The gateway has basically 2 NICs, one to the cable-modem (dc0) and the other to my home LAN (dc1 -> 192.168.2.0/24), providing internet access to comps on the LAN.

I can't figure out how to get MSN special features like VoiceChat, WhiteBoard and such to work. I know the different ports MSN uses but is there a way to make it work through the gateway?

My ipfilter rules are basically the default, blocking unused ports below 1024 and invalid stuff and allowing anything dc0 proto tcp/udp with port > 1023.

Then I tried all kinds of forwarding rules with ipnat such as:

    rdr dc0 0/32 port 6891 -> 192.168.2.21 port 6891 tcp/udp
    rdr dc0 0/32 port 3389 -> 192.168.2.21 port 3389 tcp/udp
    rdr dc0 0/32 port 1503 -> 192.168.2.21 port 1503 tcp/udp

to no avail...

Of course the default NAT rules are active too:

    map dc0 192.168.2.0/24 -> 0/32 proxy port ftp ftp/tcp
    map dc0 192.168.2.0/24 -> 0/32 portmap tcp/udp 10000:60000
    map dc0 192.168.2.0/24 -> 0/32

I only want this to work with one computer on the LAN (2.21) but it doesn't work. Is it possible at all with ipfilter/ipnat? How? Or do I need some sort of proxy to translate the addresses inside the messages MSN sends? If that is the case what would do the job?

Any help would be greatly appreciated, I've been looking for an answer for too long ;-) I wouldn't care about MSN at all, but you know the kind of things a girlfriend can make you do... *chuckle*

If there is anything else you need to know about my config, I'll be glad to provide my config files etc.

Thanks a lot for any help!

-- 
Oli