Delivered-To: freebsd-questions@freebsd.org
Message-ID: <2760.47.129.110.160.1015966468.squirrel@secure.quay.net>
In-Reply-To: <2707.47.129.110.160.1015966228.squirrel@secure.quay.net>
Date: Tue, 12 Mar 2002 15:54:28 -0500 (EST)
From: "Alan McKay"
Reply-To: amckay@istop.com
Subject: NAT/PPPoE/ipfw problem

Folks,

I'm using FreeBSD 4.5 RELEASE for my firewall, and using its native ppp to manage my PPPoE connection. When doing this, one uses ppp's native NAT, and not natd.

I have a web cam running on port 80 of a private PC at home, and want to forward that out to some obscure port on the firewall. Let's just say for the sake of argument port 4711.

My firewall (ipfw) rules include:

    allow tcp from any to 4711 setup

I have the same rule on port 80 for the apache server running on the firewall, and it works. The above rule I have right beside my port 80 rule in the this.
However, when I try to hit port 4711 from outside, and do a "ipfw show", it drops right through that rule to about 5 rules below where I deny all connections from outside (after allowing the few that I want to allow). So I never get to try to see if my NAT rules are correct.

In my /etc/ppp/ppp.conf file I have (among other things):

    nat enable yes
    nat log yes
    nat target MYADDR
    nat port tcp :80 4711

Any ideas why my firewall rule is not allowing the 4711 connection? I'm stumped!

Are there any good examples of using PPPoE's NAT in combo with ipfw to port-forward to something on the private side?

cheers,
-Alan