Date: Wed, 25 Sep 2002 13:43:23 -0700 (PDT)
From: billy <billy@isilon.com>
To: Juraj Petrik <juro@software602.sk>
Cc: freebsd-security@FreeBSD.ORG, <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
Message-ID: <20020925134258.P75126-100000@mouse.isilon.com>
In-Reply-To: <002201c26467$1fdf9270$7a01a8c0@pcjuro>

On Wed, 25 Sep 2002, Juraj Petrik wrote:
> hello,
> can you help me, please,
>
> I'm trying to run a firewall using
> IPFilter, IPNAT and Dummynet, on FreeBSD
>
> I have read so many HOWTOs, but I can't do
> redirection to another server in the internal
> network:
> rl0 - WAN (194.x.x.0/24) 194.x.x.22 if FreeBSD box
> rl1 - LAN (192.168.1.0/24) 192.168.1.22 if FreeBSD box
> rl2 - DMZ (10.0.0.0/24) 10.0.0.22 if FreeBSD box
>
> my server is now on the LAN, not on the DMZ.
>
> I'm using FreeBSD 4.7 prerelease from CVS.
>
> In the kernel config I have added:
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=30
> options IPFIREWALL_FORWARD
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
> options DUMMYNET
>
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> options RANDOM_IP_ID
>
> in /etc/rc.conf I have:
> tcp_extensions="YES"
> gateway_enable="YES"
> portmap_enable="NO"
>
> #firewall_enable="YES"
> #firewall_type="/etc/dummynet.conf"
> #firewall_logging="NO"
>
> ipfilter_enable="YES"
> ipfilter_flags=""
> ipfilter_rules="/etc/ipf.conf"
>
> ipnat_enable="YES"
> ipnat_flags=""
> ipnat_rules="/etc/ipnat.conf"
>
> ipmon_enable="YES"
> ipmon_flags="-Dns -l block"
>
> in /etc/ipf.conf:
> pass in log all
> pass out log all
>
> in /etc/ipnat.conf:
> map rl0 192.168.1.0/24 -> 194.x.x.22/32
> map rl0 0/0 -> 194.x.x.22/32 proxy port ftp ftp/tcp
>
> map rl0 192.168.1.0/24 -> 194.x.x.22/32 portmap tcp/udp 12500:60000
> map rl0 192.168.1.0/24 -> 194.x.x.22/32
>
> rdr rl0 194.x.x.22/32 port 80 -> 192.168.1.35 port 80
> rdr rl0 194.x.x.22/32 port 22 -> 192.168.1.35 port 22
>
> NAT from the LAN to the internet works OK,
> but from the Internet I can't redirect connections to the server
> on the LAN (192.168.1.35)
>
> Please help me ANYBODY!!!!
> -jp-

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message