From: asko
Organization: Ultrasoft OÜ
Date: Tue, 29 Nov 2005 12:46:10 +0200
To: freebsd-net@freebsd.org
Subject: natd redirected ports from LAN
Message-ID: <438C3172.6010806@ultrasoft.ee>

Hi,

As you know, natd redirected ports in router from WAN to LAN work only from outside.
http://lists.freebsd.org/pipermail/freebsd-questions/2003-August/015552.html

For example, www.example.com has public IP - a.b.c.d
webserver is in LAN, 192.168.1.10
router is 192.168.1.1

#rc.conf
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
natd_interface="fxp0"
gateway_enable="YES"

#natd.conf
use_sockets yes
same_ports yes
unregistered_only yes
redirect_port tcp 192.168.1.10:80 80

The query http://a.b.c.d:80 works from outside, but does not work from inside (LAN).

One solution is redirecting local port to 192.168.1.10:80

# inetd.conf
www stream tcp nowait nobody /usr/local/bin/nc nc -w 3 192.168.1.10 80

and adding ipfw rule:

00040 fwd 192.168.1.1,80 tcp from 192.168.1.0/24 to a.b.c.d dst-port 80

It works, but it is not very elegant, because it involves user level programs inetd and netcat.

I'm searching for a better, faster solution.. Does it exist?

--
asko