Date:      Tue, 7 Mar 2000 14:51:22 -0600
From:      Joong Kim <better@betterbox.net>
To:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ipfw, natd and dialpad
Message-ID:  <v04003a06b4eb1c120da1@[10.1.5.111]>

>On dialpad.com's faq page they say I can issue the following ruleset
>to ipmasqadm to apparently enable forwarding of received packets to
>the correct internal host:
>
>      /usr/sbin/ipmasqadm autofw -A -v -u -r udp 51200 51201 -c tcp 7175
>      /usr/sbin/ipmasqadm autofw -A -v -u -r tcp 51210 51210 -c tcp 7175
>
>I don't see that there is a way to do this with natd and ipfw, but
>wanted to check to be sure. Can ipfilter do it? Just curious really.
>
>jon
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-ipfw" in the body of the message


Jon,


	You would probably want to do this using natd's redirect_port


From man natd:

     -redirect_port proto targetIP:targetPORT[-targetPORT]
                 [aliasIP:]aliasPORT[-aliasPORT]
                 [remoteIP[:remotePORT[-remotePORT]]]

                 Redirect incoming connections arriving to given port(s)
                 to another host and port(s).  Proto is either tcp or udp,
                 targetIP is the desired target IP number, targetPORT is
                 the desired target PORT number or range, aliasPORT is the
                 requested PORT number or range, and aliasIP is the
                 aliasing address.  RemoteIP and remotePORT can be used to
                 specify the connection more accurately if necessary.  The
                 targetPORT range and aliasPORT range need not be the same
                 numerically, but must have the same size.  If remotePORT
                 is not specified, it is assumed to be all ports.  If
                 remotePORT is specified, it must match the size of
                 targetPORT, or be 0 (all ports).  For example, the
                 argument

                 tcp inside1:telnet 6666

                 means that tcp packets destined for port 6666 on this
                 machine will be sent to the telnet port on the inside1
                 machine.

                 tcp inside2:2300-2399 3300-3399

                 will redirect incoming connections on ports 3300-3399 to
                 host inside2, ports 2300-2399.  The mapping is 1:1
                 meaning port 3300 maps to 2300, 3301 maps to 2301, etc.



From dialpad's FAQ:


I have a private network, how can I use Dialpad??

If you have a private network, even though you can call someone, you
wouldn't be able to hear the remote end. This is because the incoming
voice packets cannot find its way to the PC without a valid (public) IP
address.

In order to use Dialpad on a private network, you have to map the
incoming ports on the server. You have to map the following incoming
ports

UDP: 51200, 51201
TCP: 51210

If you need a trigger for them, use TCP: 7175 (outgoing)




Here's what you would need to set up:

I.e., let's say that 10.1.5.47 is the internal workstation.  Then you
would set up the following in the natd.cf
(/usr/src/sbin/natd/samples/natd.cf.sample) file:

redirect_port			tcp 10.1.5.47:51210 51210
redirect_port			udp 10.1.5.47:51200-51201 51200-51201
redirect_port			tcp 10.1.5.47:7175 7175

I hope this helps! :-)  Of course, you would need to set up the other
settings correctly in natd.cf and run natd like this and put flags for
natd in rc.conf,

natd_flags="-f /etc/natd.cf"

natd -f /etc/natd.cf


-Joong Kim
EPC, Inc.
better@betterbox.net

+---------------------------+---------------------------------+
|      Joong Hyun Kim       |           BetterBOX.net         |
|   System Administrator    |     http://www.betterbox.net/   |
+---------------------------+---------------------------------+
|     The "BETTER" place to host your mud and web site!       |
+-------------------------------------------------------------+
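
Added example, not part of the original message and not natd's own code: a small Python checker that applies the redirect_port rules quoted from the man page above (equal-size ranges, 1:1 mapping, remotePORT size or 0) and lists which public ports a natd.cf forwards inward with no remoteIP restriction. It assumes numeric ports only (service names such as "telnet" are not resolved); the function names are hypothetical.

```python
def _ports(spec):
    """'51200-51201' -> (51200, 51201); '7175' -> (7175, 7175). Numeric only."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi


def parse_redirect_port(line):
    """Parse one redirect_port rule and expand its 1:1 port mapping."""
    fields = line.split()
    if fields and fields[0] in ("redirect_port", "-redirect_port"):
        fields = fields[1:]
    if len(fields) not in (3, 4) or fields[0] not in ("tcp", "udp"):
        raise ValueError(f"not a redirect_port rule: {line!r}")
    proto, target, alias = fields[:3]
    target_host, sep, target_spec = target.rpartition(":")
    if not sep:
        raise ValueError("target must be targetIP:targetPORT")
    alias_host, _, alias_spec = alias.rpartition(":")  # aliasIP is optional
    t_lo, t_hi = _ports(target_spec)
    a_lo, a_hi = _ports(alias_spec)
    size = t_hi - t_lo + 1
    if a_hi - a_lo + 1 != size:
        raise ValueError("targetPORT and aliasPORT ranges differ in size")
    remote_host, remote_spec = None, "0"
    if len(fields) == 4:
        remote_host, _, remote_spec = fields[3].partition(":")
        remote_spec = remote_spec or "0"  # omitted remotePORT means all ports
    if remote_spec != "0":
        r_lo, r_hi = _ports(remote_spec)
        if r_hi - r_lo + 1 != size:
            raise ValueError("remotePORT must match targetPORT size or be 0")
    return {
        "proto": proto,
        "target": target_host,
        "alias_ip": alias_host or None,
        "remote": remote_host,  # None: any remote host may connect
        "mapping": [(a_lo + i, t_lo + i) for i in range(size)],  # (public, inside)
    }


def exposed_to_any_remote(lines):
    """Public (proto, port) pairs forwarded inward with no remoteIP restriction."""
    rules = [parse_redirect_port(line) for line in lines]
    return [(r["proto"], pub) for r in rules if r["remote"] is None
            for pub, _ in r["mapping"]]
```

Run over the three rules in the message, exposed_to_any_remote() reports all four public ports (tcp 51210, udp 51200-51201, tcp 7175) as reachable from any remote address, which is the exposure to weigh against ipfw rules on the outside interface.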


