Date: Thu, 23 Sep 2004 18:24:41 +0300
From: Ion-Mihai Tetcu
To: freebsd-questions@freebsd.org
Subject: vnc and nat
Message-ID: <20040923182441.59dbab73@it.buh.tecnik93.com>

Hi,

My brain feels a little fuzzy right now and I need to have this working a few hours ago. I need to connect to some vnc servers behind a natd/ipfw machine.

The setup is:

    me(10.10.10.10)-~-rl0(20.20.20.20) nat/ipfw rl1(192.168.0.1)--(192.168.0.4)vnc

On the nat/ipfw machine here's an excerpt from ipfw rules:

    01350 14 728 allow log tcp from 10.10.10.10 to me dst-port 5900-5999 keep-state
    01500 65005 34232225 divert 8668 ip from any to any via rl0
    1550 429 163094 allow log tcp from any to 192.168.0.4

And here's the nat config file:

    # cat /etc/natd.conf
    interface rl0
    redirect_port tcp 192.168.0.4:5900-5999 5900-5999
    redirect_port udp 192.168.0.4:5900-5999 5900-5999
    use_sockets
    same_ports
    unregistered_only
    log
    log_denied
    log_ipfw_denied

But the packets are not redirected:

    kernel: ipfw: 1350 Accept TCP 10.10.10.10:64010 82.76.1.117:5900 in via rl0
    kernel: Connection attempt to TCP 20.20.20.20:5900 from 10.10.10.10:64010 flags:0x02
    kernel: ipfw: 1350 Accept TCP 20.20.20.20:5900 10.10.10.10:64010 out via rl0

Telnetting from nat/ipfw machine to 192.168.0.4 connects to the vnc server.

What am I doing wrong?

Thanks,

-- 
IOnut
Unregistered ;) FreeBSD "user"

5.3-BETA4 - try `sysctl debug.witness_watch=0` and prepare to fly :-)
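
An added example, not part of the original message: a simplified first-match model of the posted ipfw excerpt, traced with a constructed packet that corresponds to the logged SYN, showing which rule decides the packet in the posted order and when the divert rule is evaluated first. The rule number 1300 is a hypothetical value, the packet's destination is taken from the setup line, and keep-state and the remaining natd options are not modeled.

```python
# Added example: first-match trace of the posted ipfw rules (simplified model).
ME = {"20.20.20.20", "192.168.0.1"}   # rl0 and rl1 addresses from the message
VNC = "192.168.0.4"                   # redirect_port target in natd.conf
VNC_PORTS = range(5900, 6000)         # 5900-5999 as in the rule and natd.conf

# (number, action, match conditions) transcribed from the posted rule excerpt
POSTED = [
    (1350, "allow",  {"proto": "tcp", "src": "10.10.10.10", "dst": "me", "dport": VNC_PORTS}),
    (1500, "divert", {"via": "rl0"}),
    (1550, "allow",  {"proto": "tcp", "dst": VNC}),
]
# Hypothetical reordering: same rules, divert evaluated first (1300 is an assumed number)
DIVERT_FIRST = [(1300, "divert", {"via": "rl0"}), POSTED[0], POSTED[2]]

def matches(cond, pkt):
    """True if every condition of a rule holds for the packet."""
    for key, want in cond.items():
        have = pkt[key]
        if key == "dst" and want == "me":
            if have not in ME:
                return False
        elif key == "dport":
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def natd_redirect(pkt):
    """Model of redirect_port: rewrite the destination of inbound VNC ports."""
    if pkt["dst"] in ME and pkt["dport"] in VNC_PORTS:
        return dict(pkt, dst=VNC)
    return pkt

def trace(rules, pkt):
    """Return (deciding rule number, final destination, rule numbers matched)."""
    hit = []
    for num, action, cond in sorted(rules, key=lambda r: r[0]):
        if not matches(cond, pkt):
            continue
        hit.append(num)
        if action == "allow":          # allow ends the search; later rules never run
            return num, pkt["dst"], hit
        pkt = natd_redirect(pkt)       # divert: natd rewrites, search resumes at next rule
    return None, pkt["dst"], hit

# Constructed packet corresponding to the logged SYN
SYN = {"proto": "tcp", "src": "10.10.10.10", "dst": "20.20.20.20", "dport": 5900, "via": "rl0"}

if __name__ == "__main__":
    print("posted order :", trace(POSTED, SYN))
    print("divert first :", trace(DIVERT_FIRST, SYN))
```

In the posted order the packet is accepted by rule 1350 with its destination still the firewall's own address, which agrees with the "Connection attempt to TCP 20.20.20.20:5900" log line; rule 1500 is never reached, so natd never sees the packet.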