Date: Tue, 7 Mar 2000 14:51:22 -0600
To: freebsd-ipfw@FreeBSD.ORG
From: Joong Kim
Subject: Re: ipfw, natd and dialpad

>On dialpad.com's faq page they say I can issue the following ruleset
>to ipmasqadm to apparently enable forwarding of received packets to
>the correct internal host:
>
>  /usr/sbin/ipmasqadm autofw -A -v -u -r udp 51200 51201 -c tcp 7175
>  /usr/sbin/ipmasqadm autofw -A -v -u -r tcp 51210 51210 -c tcp 7175
>
>I don't see that there is a way to do this with natd and ipfw, but
>wanted to check to be sure. Can ipfilter do it? Just curious really.
>
>jon
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-ipfw" in the body of the message

Jon,

You would probably want to do this using natd's redirect_port

From man natd:

     -redirect_port proto targetIP:targetPORT[-targetPORT]
                    [aliasIP:]aliasPORT[-aliasPORT]
                    [remoteIP[:remotePORT[-remotePORT]]]
             Redirect incoming connections arriving to given port(s) to
             another host and port(s). Proto is either tcp or udp,
             targetIP is the desired target IP number, targetPORT is the
             desired target PORT number or range, aliasPORT is the
             requested PORT number or range, and aliasIP is the aliasing
             address. RemoteIP and remotePORT can be used to specify the
             connection more accurately if necessary.
             The targetPORT range and aliasPORT range need not be the
             same numerically, but must have the same size. If remotePORT
             is not specified, it is assumed to be all ports. If
             remotePORT is specified, it must match the size of
             targetPORT, or be 0 (all ports). For example, the argument

                   tcp inside1:telnet 6666

             means that tcp packets destined for port 6666 on this
             machine will be sent to the telnet port on the inside1
             machine.

                   tcp inside2:2300-2399 3300-3399

             will redirect incoming connections on ports 3300-3399 to
             host inside2, ports 2300-2399. The mapping is 1:1 meaning
             port 3300 maps to 2300, 3301 maps to 2301, etc.

From dialpad's FAQ:

     I have a private network, how can I use Dialpad??

     If you have a private network, even though you can call someone,
     you wouldn't be able to hear the remote end. This is because the
     incoming voice packets cannot find their way to the PC without a
     valid (public) IP address. In order to use Dialpad on a private
     network, you have to map the incoming ports on the server.

     You have to map the following incoming ports
       UDP: 51200, 51201
       TCP: 51210
     If you need a trigger for them, use
       TCP: 7175 (outgoing)

Here's what you would need to set up:

i.e. Let's say that 10.1.5.47 is the internal workstation. Then you
would set up the following in natd.cf
(/usr/src/sbin/natd/samples/natd.cf.sample) file:

redirect_port tcp 10.1.5.47:51210 51210
redirect_port udp 10.1.5.47:51200-51201 51200-51201
redirect_port tcp 10.1.5.47:7175 7175

I hope this helps! :-)

Of course, you would need to set up the other settings correctly in
natd.cf and run natd like this and put flags for natd in rc.conf,

natd_flags="-f /etc/natd.cf"

natd -f /etc/natd.cf

-Joong Kim
EPC, Inc.
better@betterbox.net

+---------------------------+---------------------------------+
| Joong Hyun Kim            | BetterBOX.net                   |
| System Administrator      | http://www.betterbox.net/       |
+---------------------------+---------------------------------+
| The "BETTER" place to host your mud and web site!           |
+-------------------------------------------------------------+
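
Added example, not part of the original message and not code from natd: a small Python check for natd.cf redirect_port lines that applies the range-size rules quoted from the man page, expands the 1:1 port mapping, and marks rules with no remoteIP, which accept traffic from any source. It assumes numeric ports only (no service names such as telnet); the function names and the fourth sample line are made up for illustration.

```python
# Constructed sample: the three redirect_port lines from the reply, plus one
# deliberately malformed line whose target and alias ranges differ in size.
SAMPLE = """\
redirect_port tcp 10.1.5.47:51210 51210
redirect_port udp 10.1.5.47:51200-51201 51200-51201
redirect_port tcp 10.1.5.47:7175 7175
redirect_port tcp 10.1.5.47:2300-2399 3300-3310
"""

def ports(spec):
    """'51200-51201' -> (51200, 51201); a single port is a range of one."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError("bad port range " + spec)
    return lo, hi

def size(rng):
    return rng[1] - rng[0] + 1

def audit(conf):
    """Return one dict per redirect_port line (numeric ports only)."""
    rules = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        f = line.split()
        if len(f) < 4 or f[0] != "redirect_port":
            continue
        host, _, tports = f[2].rpartition(":")
        target, alias = ports(tports), ports(f[3].rpartition(":")[2])
        problems = []
        if size(target) != size(alias):
            problems.append("target and alias ranges differ in size")
        remote_ip, _, rports = (f[4] if len(f) > 4 else "").partition(":")
        # remotePORT must match the targetPORT range size, or be 0 (all ports)
        if rports and rports != "0" and size(ports(rports)) != size(target):
            problems.append("remotePORT range does not match targetPORT")
        # 1:1 mapping: the n-th alias port goes to the n-th target port
        mapping = {} if problems else {
            a: target[0] + i for i, a in enumerate(range(alias[0], alias[1] + 1))}
        rules.append({"line": lineno, "proto": f[1], "host": host,
                      "map": mapping, "problems": problems,
                      "any_source": not remote_ip})  # no remoteIP given
    return rules

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r["line"], r["proto"], r["host"], sorted(r["map"]),
              "any source" if r["any_source"] else "restricted", r["problems"])
```

Run against a real /etc/natd.cf, every line reported as "any source" is an internal port reachable from the whole public side; adding a remoteIP to the rule narrows it.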