Date: Fri, 21 Oct 2005 08:08:53 +0200
From: guru@Sisis.de
To: Efren Bravo <efrenba@dhl.co.cu>
Cc: freeBSD <questions@freebsd.org>
Subject: Re: natd redirect help
Message-ID: <20051021060853.GA1148@rebelion.Sisis.de>
In-Reply-To: <WorldClient-F200510201419.AA19550042@dhl.co.cu>
References: <WorldClient-F200510201419.AA19550042@dhl.co.cu>

On Thursday, October 20, 2005 at 02:19:55PM -0500, Efren Bravo wrote:
> Hi,
>
> I've a freebsd5.4 with ipfw and natd. I need that external users can enter
> to my internal network services (http, ftp, etc).
>
> freebsd box:
> out interface: 200.x.x.x
> in interface: 10.x.x.x
>
> /etc/rc.conf file:
> ------------------
> gateway_enable="YES"
>
> firewall_enable="YES"
> firewall_script="/etc/ipfw.rules"
> firewall_logging="YES"
>
> natd_enable="YES"
> natd_interface="vr0"
> natd_flags="-f /etc/natd.conf"
>
> /etc/natd.conf file:
> --------------------
> redirect_port tcp 10.x.x.x:8080 80 #redirect to internal web server
>
>
> The question is if I've to open the port 80 on freeBSD's vr0 because I'm not
> able to enter to those services.

Hello Efren,

I don't use 'ipfw' and 'natd', but we use ipfw/ipnat in our firewall
and with this the rules would be like this:

/etc/ipnat.rules:

# HTTP:
# xxx.xxx.xxx.xxx.xxx is the official IP addr on NIC 'em1'
#
rdr em1 xxx.xxx.xxx.xxx/32 port 80 -> 10.0.1.202 port 80

/etc/ipf.rules:

# Allow in standard www function because I have apache server
# will be NAT routed to the webserver 10.0.1.202
#
pass in quick on em1 proto tcp from any to any port = 80 flags S keep state

Warm regards

	matthias
-- 
Matthias Apitz / Sisis Informationssysteme GmbH
Gruenwalder Weg 28g / D-82041 Oberhaching
Fon: ++49 89 / 61308-351, Fax: -399, Mobile ++49 170 4527211
http://www.sisis.de/
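
Added example, not part of the thread and not written by either poster: an ipfw/natd counterpart of the ipnat/ipf rules above, for the redirect_port line in the quoted natd.conf. The internal address 10.0.0.10, the rule numbers, the FWCMD variable and the function name are assumptions made for illustration, and the ruleset covers only the redirected web service.

```sh
#!/bin/sh
# Prints the ipfw commands by default (dry run); set FWCMD=/sbin/ipfw on the
# gateway to load them. FWCMD is a name made up for this example.
fwcmd="${FWCMD:-echo ipfw}"

# redirect_rules OIF WEB_IP WEB_PORT
#   OIF       outside interface natd listens on (vr0 in the quoted rc.conf)
#   WEB_IP    internal server named in natd.conf (constructed: 10.0.0.10)
#   WEB_PORT  internal port named in natd.conf (8080 in the quoted file)
redirect_rules() {
    oif=$1 web=$2 port=$3

    # 1. Everything crossing the outside interface goes to natd first.
    #    A SYN to the public address, port 80, comes back from natd with its
    #    destination rewritten to WEB_IP:WEB_PORT and continues at the next
    #    rule. An allow rule placed before this one would accept the packet
    #    untranslated and the redirect would never happen.
    $fwcmd add 100 divert natd ip from any to any via "$oif"

    # 2. The filter therefore has to match the translated destination, not
    #    port 80 on the outside address. No direction is given, so the same
    #    rule passes the SYN in on OIF and out on the inside interface.
    $fwcmd add 200 allow tcp from any to "$web" "$port" setup

    # 3. Remaining packets of accepted connections, both directions.
    $fwcmd add 300 allow tcp from any to any established

    # Anything else falls through to the final rule of the ruleset
    # (deny, unless the kernel was built to default to accept).
}

# Values from the quoted message, with a constructed internal address.
redirect_rules vr0 10.0.0.10 8080
```

With firewall_logging="YES" as in the quoted rc.conf, adding "log" to a deny rule placed after these shows in /var/log/security which packets still miss the allow rules.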