Date: Sat, 7 Jan 2006 13:49:06 +0100
From: Jeremie Le Hen
To: OxY
Cc: freebsd-hackers@freebsd.org
Subject: Re: [fbsd] ipfw+nat
Message-ID: <20060107124906.GT90495@obiwan.tataz.chchile.org>
In-Reply-To: <000f01c60ad9$f7732fa0$0201a8c0@oxy>

Hi,

> i'd like to ask for your help, because i didn't find anything related about
> this topic..
> i have a box, with public ip, which is connected to other clients through
> openvpn (10.254.0.x)
> i'd like to connect to the openvpn client's port (for example ssh)
> through a public address port (x.x.x.x 16354)
>
> unfortunately i totally failed in this, can't even forward to my boxes
> openvpn address..
>
> tried this:
> $cmd 00701 fwd 10.254.0.1,22 tcp from any to x.x.x.x 16354
>
> no result, connection refused..
> it works well with datapipe, however i don't want to set up dozens of
> datapipes :)
>
> natd is enabled, do i need it? or ipfw divert?
> i have the following related in kernel conf:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=5
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_FORWARD

Please post this on -ipfw@ or -net@.

Thank you.
Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >