From: Jeff Penn
To: freebsd-questions@freebsd.org
Date: Sun, 6 Mar 2005 19:07:28 +0000 (UTC)
Subject: Re: Question about ipfw, natd and port forwarding.

Deling Ren:
> Hi all, I am trying to set up a NAT box for my home network on FreeBSD 5.3.
> I am using ipfw and natd. I already got nat running but I am having
> a problem with port forwarding. I am trying to forward port 80 on the nat
> box to an internal machine (192.168.0.7). I have the following as part of
> I have no problem connecting port 80 on the nat box from outside. But as I
> added stateful ipfw rules, it stops working. Running nmap from outside
> says port 80 is filtered. I am not sure how to configure the rules to
> enable port forwarding. Any help will be appreciated. Thanks.

> 00005 allow ip from any to any via $iif

This is a limitation of ipfw; nat cannot be used with keep-state rules.
If $iif above is ppp, you can get around this by configuring ppp(8) to
perform nat.

Jeff