From: guru@Sisis.de
Date: Fri, 21 Oct 2005 08:08:53 +0200
To: Efren Bravo
Cc: freeBSD
Subject: Re: natd redirect help
Message-ID: <20051021060853.GA1148@rebelion.Sisis.de>

On Thursday, October 20, 2005 at 02:19:55PM -0500, Efren Bravo wrote:
> Hi,
>
> I've a freebsd5.4 with ipfw and natd. I need that external users can enter
> to my internal network services (http, ftp, etc).
>
> freebsd box:
> out interface: 200.x.x.x
> in interface: 10.x.x.x
>
> /etc/rc.conf file:
> ------------------
> gateway_enable="YES"
>
> firewall_enable="YES"
> firewall_script="/etc/ipfw.rules"
> firewall_logging="YES"
>
> natd_enable="YES"
> natd_interface="vr0"
> natd_flags="-f /etc/natd.conf"
>
> /etc/natd.conf file:
> --------------------
> redirect_port tcp 10.x.x.x:8080 80 #redirect to internal web server
>
>
> The question is if I've to open the port 80 on FreeBSD's vr0 because I am not
> able to enter to those services.

Hello Efren,

I don't use 'ipfw' and 'natd', but we use ipfw/ipnat in our firewall
and with this the rules would be like this:

/etc/ipnat.rules:

# HTTP:
# xxx.xxx.xxx.xxx.xxx is the official IP addr on NIC 'em1'
#
rdr em1 xxx.xxx.xxx.xxx/32 port 80 -> 10.0.1.202 port 80

/etc/ipf.rules:

# Allow in standard www function because I have apache server
# will be NAT routed to the webserver 10.0.1.202
#
pass in quick on em1 proto tcp from any to any port = 80 flags S keep state

Warm regards,

	matthias

-- 
Matthias Apitz / Sisis Informationssysteme GmbH
Gruenwalder Weg 28g / D-82041 Oberhaching
Fon: ++49 89 / 61308-351, Fax: -399, Mobile ++49 170 4527211
http://www.sisis.de/
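
The ipfw/natd counterpart of the ipf/ipnat rules above, as an added example that is not part of the thread: once natd has applied the redirect_port line, the packet is addressed to the internal server, so the allow rule has to match that address and sit after the divert rule. Assumptions: the inside interface name rl0, the addresses 192.0.2.10 and 10.0.0.80 (stand-ins for 200.x.x.x and 10.x.x.x), the rule numbers, and a stateless rule set.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: it prints the
# ipfw commands. Set fwcmd=/sbin/ipfw to load them on the FreeBSD gateway.
fwcmd="${fwcmd:-echo ipfw}"

# Assumed values; replace with the real interfaces and addresses.
oif="vr0"            # outside interface (natd_interface in rc.conf)
iif="rl0"            # inside interface (hypothetical name)
pub_ip="192.0.2.10"  # stands in for the public 200.x.x.x address
web_ip="10.0.0.80"   # stands in for the internal 10.x.x.x web server
web_port="8080"      # target port of the redirect_port line
pub_port="80"        # public port of the redirect_port line

redirect_rules() {
    # 1. Hand everything crossing the outside interface to natd. The packet
    #    comes back into the rule set at the next rule, already rewritten.
    $fwcmd add 100 divert natd ip from any to any via "$oif"

    # 2. Inbound requests: after natd the destination is the internal
    #    server, so the rules match web_ip:web_port, not pub_ip:80.
    $fwcmd add 200 allow tcp from any to "$web_ip" "$web_port" in via "$oif"
    $fwcmd add 210 allow tcp from any to "$web_ip" "$web_port" out via "$iif"

    # 3. Replies: they enter on the inside interface untranslated and leave
    #    on the outside interface after natd restored pub_ip:pub_port.
    $fwcmd add 220 allow tcp from "$web_ip" "$web_port" to any in via "$iif" established
    $fwcmd add 230 allow tcp from "$pub_ip" "$pub_port" to any out via "$oif" established

    # 4. Diagnostic: a packet still addressed to port 80 at this point was
    #    not translated by natd; log it instead of dropping it silently.
    $fwcmd add 65000 deny log tcp from any to any "$pub_port" in via "$oif"
}

redirect_rules
```

If hits show up on rule 65000 in the firewall log, natd is not applying the redirect, so check natd_flags and /etc/natd.conf before changing the ipfw rules.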