Date:      Wed, 12 Sep 2001 17:38:42 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        alexus <ml@db.nexgen.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: port forwarding through natd and/or ipfw
Message-ID:  <Pine.BSF.4.21.0109121728170.22476-100000@cody.jharris.com>
In-Reply-To: <000701c13bc3$66c6f160$0d00a8c0@alexus>

On Wed, 12 Sep 2001, alexus wrote:

> my public ip address is 66.92.98.145 and internal ip is 192.168.0.13
> port that my XP workstation listens on is 3389
> 
> here is from XP (part from netstat)
> 
>   TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
> 
> so it *is* listening..
> 
> first i've tried through natd
> 
> su-2.05# grep 3389 /etc/natd.conf
> redirect_port tcp 192.168.0.13:3389 3389

	This is how you want to do it...not ipfw fwd.

[snip]
> 
> then i've tried through firewall (ipfw)
> 
> 00333 6 288 fwd 66.92.98.145,3389 tcp from any to 192.168.0.13 3389

	ipfw fwd is NOT related to natd.  For your purpose do not use ipfw
	fwd, you need something like:

		ipfw add divert natd ip from any to any via fxp0

	Or a couple entries in /etc/rc.conf:

		natd_enable="YES"
		natd_interface="fxp0"
		natd_flags="-f /etc/natd.conf"
> 
> this was a little bit more success than others due to at least this
> rule was matched .. but i didn't get to my XP workstation:(

	You do not need forwarding as the "IP packet processing
	system" will deliver that packet after divert has changed it.

> 
> i *did* enable firewall in kernel
> 
> su-2.05# grep FIREWALL box
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_VERBOSE      #print information about
> options         IPFIREWALL_VERBOSE_LIMIT=10    #limit verbosity
> options         IPFIREWALL_FORWARD      #enable transparent proxy support
> su-2.05#

	You need:

		options		IPDIVERT 

	also in the kernel config file.


Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"

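A check for the settings discussed in this thread, as an added example that is not part of the original e-mail. The function names and the temporary sample files are hypothetical and constructed from the values quoted above; the optional trailing remoteIP field is part of natd(8)'s redirect_port syntax, and 203.0.113.10 is a constructed address.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and
# the sample files are constructed from the settings quoted in the message.

# Print one line per setting natd forwarding needs but the files lack.
missing_prereqs() {   # $1 = kernel config file, $2 = rc.conf
    grep -Eq '^[[:space:]]*options[[:space:]]+IPFIREWALL([[:space:]]|$)' "$1" \
        || echo "kernel: options IPFIREWALL"
    grep -Eq '^[[:space:]]*options[[:space:]]+IPDIVERT([[:space:]]|$)' "$1" \
        || echo "kernel: options IPDIVERT"
    grep -Eq '^[[:space:]]*natd_enable="?[Yy][Ee][Ss]"?' "$2" \
        || echo 'rc.conf: natd_enable="YES"'
    grep -Eq '^[[:space:]]*natd_interface=' "$2" \
        || echo "rc.conf: natd_interface"
}

# Print "proto target aliasport" for every redirect_port line that has no
# remoteIP field, i.e. the forwarded port accepts connections from anywhere.
open_redirects() {    # $1 = natd.conf
    awk '{ sub(/#.*/, "") }
         $1 == "redirect_port" && NF == 4 { print $2, $3, $4 }' "$1"
}

# Constructed sample files (kernel options as quoted, rc.conf as suggested).
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
cat > "$d/kernel" <<'EOF'
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
options         IPFIREWALL_FORWARD      #enable transparent proxy support
EOF
cat > "$d/rc.conf" <<'EOF'
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"
EOF
cat > "$d/natd.conf" <<'EOF'
redirect_port tcp 192.168.0.13:3389 3389
redirect_port tcp 192.168.0.13:3389 3390 203.0.113.10  # one remote host only
EOF

echo "missing:";         missing_prereqs "$d/kernel" "$d/rc.conf"
echo "open to any src:"; open_redirects "$d/natd.conf"
```

On the sample files this reports the absent IPDIVERT option and lists the 3389 redirect as reachable from any source address, while the entry limited to a single remote host is not listed.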
