From: "Wood, Russell"
To: "Nilton Volpato"
Date: Mon, 20 Nov 2006 10:10:49 +0800
Subject: RE: port redirection with natd and ipfw

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Nilton Volpato
> Sent: Sunday, 19 November 2006 7:13 AM
> To: freebsd-questions@freebsd.org
> Subject: port redirection with natd and ipfw
>
> Hi,
>
> I'm using a computer with FreeBSD as a gateway and NAT for a private
> LAN. Let's say the gateway has external.com as external address, and
> 192.168.0.1 as internal address, so that the LAN is 192.168.0.0/24.
>
> I'm doing a number of port redirects in the gateway, for svn, http,
> https, ssh, etc using natd. However, these port redirects do not work
> from inside the LAN.
>
> For instance, if I point my browser to http://external.com and I'm in
> the LAN, then it will not work. I can't use the internal address of
> the web server because none of the links will work on the web page.
>
> In summary, I want that my port redirections work also when I try to
> connect to the gateway's external address from inside the LAN.
>
> I'm using a minimal ipfw configuration to try to solve this. This is
> the default configuration.
>
> 00050 divert 8668 ip4 from any to any via vr0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> I tried to add:
>
> 00060 divert 8668 ip4 from 192.168.0.0/24 to external.com
>
> expecting that it would send the packets from LAN to natd, which would
> apply the port redirections. But it did not work.
>
> How can I solve this?
>
> Thanks,
> -- Nilton

I had a similar setup once and used Split DNS with BIND. So, if you requested example.com on 192.168.0.0/24 then you'd get the internal IP, otherwise you got the external IP.

Regards,
Russell Wood
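
The split DNS setup described in the reply above, sketched as a BIND 9 named.conf fragment using views. This is an added example, not configuration posted by anyone in the thread. The zone file paths, the internal server address 192.168.0.10 and the public address 203.0.113.10 (documentation range) are assumed placeholders.

```conf
// named.conf fragment: split-horizon DNS with BIND 9 views (constructed example).
// Assumed placeholders, not values from the thread: zone file paths,
// 192.168.0.10 (internal web server), 203.0.113.10 (public address).

acl lan {
    127.0.0.0/8;
    192.168.0.0/24;         // the private LAN from the original post
};

// Views are evaluated top to bottom; the first view whose match-clients
// list contains the query's source address answers it. Once any view is
// defined, every zone statement must live inside a view.
view "internal" {
    match-clients { lan; };
    recursion yes;                  // LAN clients may resolve other names
    allow-recursion { lan; };

    zone "example.com" {
        type master;
        file "master/example.com.internal";
        // This zone file holds the private answer, e.g.:
        //   www  IN  A  192.168.0.10
    };
};

view "external" {
    match-clients { any; };         // everyone not matched above
    recursion no;                   // do not run an open resolver
    allow-query { any; };

    zone "example.com" {
        type master;
        file "master/example.com.external";
        // This zone file holds the public answer, e.g.:
        //   www  IN  A  203.0.113.10
    };
};
```

With this in place, LAN hosts connect straight to the internal server and never send packets to the gateway's external address, so the natd redirect rules are not involved for internal clients. Keeping the internal zone file out of the external view also avoids publishing private addresses.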