From: Nick Rogness
Date: Mon, 16 Apr 2001 14:17:06 -0500 (CDT)
To: Walter McGinnis
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: another natd port forwarding question

On Mon, 16 Apr 2001, Walter McGinnis wrote:

> Hello everyone,
>

Hello.

>
> Cable modem talks to a FreeBSD 4.0-RELEASE box with two NICs.  One for
> the cable, one for the LAN hub.  Everything works fine except I have
> a RH web development box on the LAN that I would like to have port
> 8000 - 9000 be viewable from the outside world.  These ports are not
> used on the FreeBSD box.
>
> I decided to test by setting up port 8003 on the public FreeBSD box to
> forward to 10.0.0.10:8003 (the RH web development box).  On a side
> note if I am going to use an additional file for natd configuration it
> seems like I should consolidate all my flags into it (except, of
> course, the call to the config file).  A quick note for how to
> include the current appropriate flags in the natd.conf file would be
> appreciated.  I'm obviously missing something:
>
> excerpt from rc.firewall
>
> ############
> # These rules are required for using natd.  All packets are passed to
> # natd before they encounter your remaining rules.  The firewall rules
> # will then be run again on each packet after translation by natd,
> # minus any divert rules (see natd(8)).
> #
> case ${natd_enable} in
> [Yy][Ee][Ss])
>     if [ -n "${natd_interface}" ]; then
>         ${fwcmd} add divert natd all from any to any via ${natd_interface}
>     fi
>     ;;
> esac
>
> ${ipfw} allow log tcp from any to xxx.xxx.xxx.xxx 8003 via ${oif}
>
> ############

Umm, should be:

    ${ipfw} allow log tcp from any to 10.0.0.10 8003 via ${oif}

this rule should be inserted after the divert rule.

Nick Rogness
- Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
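
The rule ordering from the reply above, as an added example that is not part of the original message: a dry run of the rc.firewall fragment that prints the ipfw commands in order instead of installing them. The interface name ed0 and the natd redirect_port line mentioned in the comments are assumptions; 10.0.0.10 and port 8003 come from the thread.

```sh
#!/bin/sh
# Added example: dry run of the natd divert rule followed by the allow rule
# for the forwarded port. fwcmd only echoes, so nothing is loaded into the
# kernel; point fwcmd at "/sbin/ipfw" on the gateway to apply the rules.
fwcmd="echo ipfw"

oif="ed0"                 # assumed name of the outside (cable) interface
natd_enable="YES"
natd_interface="${oif}"
web_host="10.0.0.10"      # internal web development box, from the thread
web_port="8003"           # forwarded test port, from the thread

# Assumption: natd itself is told to forward the port, for example with
#   redirect_port tcp 10.0.0.10:8003 8003
# in the file passed to natd with -f. Without that, natd does not rewrite
# the destination and the allow rule below never sees the packet.

build_rules() {
    # 1. Divert first. natd rewrites the destination of inbound packets for
    #    port 8003 from the public address to ${web_host}.
    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac

    # 2. The translated packet re-enters the rule set after the divert rule,
    #    now addressed to ${web_host}. A rule written for the public address
    #    no longer matches, so the allow rule names the internal address and
    #    must come after the divert rule.
    ${fwcmd} add allow log tcp from any to ${web_host} ${web_port} via ${oif}
}

build_rules
```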