From owner-freebsd-questions@FreeBSD.ORG Wed Sep 26 15:01:32 2007
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AD2EB16A4EC; Wed, 26 Sep 2007 15:01:32 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org)
Received: from be-well.ilk.org (dsl092-078-145.bos1.dsl.speakeasy.net [66.92.78.145]) by mx1.freebsd.org (Postfix) with ESMTP id 94E3013C4A3; Wed, 26 Sep 2007 15:01:32 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org)
Received: by be-well.ilk.org (Postfix, from userid 1147) id 7EF492844C; Wed, 26 Sep 2007 11:01:31 -0400 (EDT)
From: Lowell Gilbert
To: "mr. phreak"
Cc: freebsd-questions@freebsd.org
Date: Wed, 26 Sep 2007 11:01:31 -0400
Subject: Re: IPFW + NATD FORWARDING
Message-ID: <44wsudfp2s.fsf@be-well.ilk.org>
In-Reply-To: <46F70504.9050709@phreaker.net> (mr. phreak's message of "Mon, 24 Sep 2007 00:29:56 +0000")
References: <46F70504.9050709@phreaker.net>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.99 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd-questions@freebsd.org
List-Id: User questions
X-List-Received-Date: Wed, 26 Sep 2007 15:01:32 -0000

"mr. phreak" writes:

> Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
> people have, and I've googled my ass off. Still I can't get it right. I'm
> trying to forward port 1213 in/out for dc++ usage.
>
> This is my setup:
>
>   __WAN router (192.168.1.1)
>   |
>   |
>   (FreeBSD gateway/fw  NIC1: ath0 (public)  NIC2: rl0 (LAN))
>   |
>   |__
>   LAN (10.10.10.0/24)
>
> I use stateful rules and I'd like to forward port 1213 both ways using
> natd. I know natd should take care of this as long as I allow port
> 1213 in/out from the firewall. I've tried this at almost every
> position in the ipfw.rules, and now I ask where I should put it, i.e.
> it's not there right now.
>
> I've tried:
>
>   $cmd [num] allow all from any to any 1213
>
> (at various positions in ipfw.rules); still doesn't work.
>
>   $cmd [num] divert natd all from any to any 1213
>
> Can someone help me?

Your firewall configuration is rather unconventional, but the basic idea
makes sense. What isn't clear is how you want to use this "dc++" program
within your infrastructure. Because you are using dynamic rules, I assume
that you want the connections to always originate inside your network. If
that is the case, you shouldn't need any special configuration to natd
(because every connection will be learned from the initial packet). If
that's not the case, you will need to pick one internal machine to receive
the connections coming in from outside.