From: "Richard Yang"
To: usleepless@gmail.com
Cc: questions@freebsd.org
Date: Sat, 27 Dec 2008 17:30:23 -0800
Subject: Re: nat and ipfw, port forwarding

thank you, usleep (nice name)

i somehow made it work by
1. add "redirect_port udp 10.0.0.200:50000 50000" in natd.conf
2. allow all traffic and diversion in ipfw.rules

i tried to limit the traffic by modifying the rules in ipfw.rules, but
unsuccessfully. so i just leave it be at this moment.

i am very confused by the roles of natd and ipfw, and how they should work
together.

rich

On Sat, Dec 27, 2008 at 8:40 AM, wrote:

> Hi Ricard,
>
> On Fri, Dec 26, 2008 at 9:27 PM, Richard Yang wrote:
>
>> hi,
>> i have a ssh machine behind a freebsd firewall with nat and ipfw.
>> how do i make port forwarding so internet can access the ssh machine?
>> thanx
>
> i think you need to configure /etc/ipnat.conf ( read 'man ipnat' ). this is
> an example definition:
> rdr em1 0.0.0.0/0 port 2223 -> 192.168.1.96 port 22
>
> ( this redirects incoming traffic on outside-interface em1 port 2223 to an
> internal machine on port 22 )
>
> also, include "firewall_nat_enable" in your rc.conf ( read 'man rc.conf' )
>
> to configure the settings from ipnat.conf, run "ipnat -C -f
> /etc/ipnat.conf"
>
> regards,
>
> usleep
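
Added example (not part of the thread, and not either poster's configuration): one way to split the work between natd and ipfw for the redirect_port line in the message above, with inbound traffic limited to the forwarded port instead of "allow all". ipfw diverts packets to natd, natd rewrites addresses, and the filter rules that follow the inbound divert match the translated (internal) destination. The interface names em1 (outside) and em0 (inside), the rc.conf layout and the helper name emit_rules are assumptions; run as-is the script only prints the ipfw commands.

```shell
#!/bin/sh
# Added example: ipfw rules that hand packets to natd and still filter.
# Assumed /etc/natd.conf (the redirect_port line is the one from the thread):
#   interface em1
#   redirect_port udp 10.0.0.200:50000 50000
# Assumed /etc/rc.conf: gateway_enable, firewall_enable and natd_enable set
# to "YES", natd_flags="-f /etc/natd.conf", firewall_script set to this file.
#
# emit_rules is a hypothetical helper. $1 is the command prefix, so
# "echo ipfw -q" gives a dry run and "ipfw -q" loads the rules.
emit_rules() {
    fw=$1 ext=$2 int=$3 host=$4 port=$5

    $fw -f flush
    $fw add 100 allow ip from any to any via lo0
    # Traffic on the inside interface is trusted in this sketch.
    $fw add 200 allow ip from any to any via "$int"

    # Inbound on the outside interface goes to natd first. natd applies
    # redirect_port and reverse translation, then the packet resumes at 400
    # carrying its internal destination address.
    $fw add 300 divert natd ip from any to any in via "$ext"

    # Replies to connections recorded by rule 500 match here.
    $fw add 400 check-state

    # Outbound: record state with the pre-NAT addresses, then jump to the
    # outbound divert. Replies matched at 400 take the same skipto.
    $fw add 500 skipto 900 ip from any to any out via "$ext" keep-state

    # The forwarded port, matched on the post-NAT destination. No keep-state:
    # the internal host's replies must leave through rule 500 so that natd
    # rewrites their source address.
    $fw add 600 allow udp from any to "$host" "$port" in via "$ext"

    # Everything else arriving from outside stops here.
    $fw add 800 deny ip from any to any

    # Outbound NAT, reached only through the skipto in rule 500.
    $fw add 900 divert natd ip from any to any out via "$ext"
    $fw add 910 allow ip from any to any
}

# Dry run by default; set FWCMD="ipfw -q" to load the rules for real.
emit_rules "${FWCMD:-echo ipfw -q}" em1 em0 10.0.0.200 50000
```
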