From: Thomas David Rivers <rivers@dignus.com>
Date: Thu, 16 Jul 1998 08:05:13 -0400 (EDT)
To: freebsd-hackers@freefall.cdrom.com
Subject: ipfw rules for exposing an internal machine's port externally?
Message-Id: <199807161205.IAA01215@lakes.dignus.com>

I sent the following to freebsd-questions; but nothing has come of it, so I thought, perhaps, freebsd-hackers might be a better forum...

	- Thanks -
	- Dave Rivers -

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

I thought I should be able to do this; but it doesn't seem to work well. Perhaps someone knows what I've got wrong here.

What I have is a machine "X" which is on the external network and through which I divert all internal traffic on the 10.0.0.x network via ipfw/natd, as in:

    ipfw add 100 divert 32000 ip from any to any via sl0

However, I have an internal machine (10.0.0.10) that's set up to do telnet connections on a different port (e.g. port #PPPP in the following example). I would like to make those connections available externally. So, I've added:

    ipfw add 50 pass log tcp from any PPPP to 10.0.0.10 PPPP
    ipfw add 50 pass log udp from any PPPP to 10.0.0.10 PPPP

But, if I telnet to the gateway machine at port PPPP as in:

    telnet gateway PPPP

all I get is:

    Trying x.x.x.x...
    telnet: Unable to connect to remote host: Connection refused

If I, however, telnet on the internal network to 10.0.0.10 PPPP I get connected just fine.

Has anyone done this before? That is, map a particular port number on one machine to a different one? And, use that with divert to make a service on an internal machine externally visible? If so, how?

	- Thanks -
	- Dave Rivers -
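The mapping the post is asking about, as an added example that is not part of the original message and not the poster's configuration: on an ipfw/natd gateway the port forwarding is done by natd's -redirect_port option, while ipfw "pass" rules only filter and never rewrite a destination address. The script assumes sl0 as the external interface and divert port 32000 as in the post's rule 100, and uses 2323 as a stand-in for the post's placeholder port PPPP; the kernel must have IPFIREWALL and IPDIVERT, and it must be run as root on the gateway.

```shell
#!/bin/sh
# Added example (not from the original post): expose one TCP port of an
# internal host through a FreeBSD ipfw/natd gateway. natd -redirect_port
# rewrites <gateway>:PORT to INT_HOST:PORT; the ipfw rules then admit only
# that one destination, so no other internal host becomes reachable.
#
# Assumed values: sl0 (external interface, as in the post), 2323 standing
# in for the post's PPPP, natd divert port 32000 (the post's rule 100).

EXT_IF=${EXT_IF:-sl0}
INT_HOST=${INT_HOST:-10.0.0.10}
PORT=${PORT:-2323}
NATD_PORT=${NATD_PORT:-32000}
RUN=${RUN:-}        # set RUN=echo to print the commands instead of running them

# Start natd listening on the divert port with the port redirection.
# Inbound packets to <gateway>:$PORT leave natd with destination
# $INT_HOST:$PORT and re-enter the ruleset right after the divert rule.
start_natd() {
    $RUN natd -p "$NATD_PORT" -interface "$EXT_IF" \
        -redirect_port tcp "$INT_HOST:$PORT" "$PORT"
}

# Firewall rules. The divert rule must precede the pass rules so that an
# inbound packet is rewritten before it is matched; rule 200 therefore
# matches on the internal address, not the gateway's. "setup" restricts
# rule 200 to new connections to that single host and port; rule 300 lets
# the established flow (including the host's replies) through.
add_rules() {
    $RUN ipfw add 100 divert "$NATD_PORT" ip from any to any via "$EXT_IF"
    $RUN ipfw add 200 pass log tcp from any to "$INT_HOST" "$PORT" in via "$EXT_IF" setup
    $RUN ipfw add 300 pass tcp from any to any established
}

# Usage: sh expose_port.sh apply        (as root on the gateway)
#        RUN=echo sh expose_port.sh apply   (preview only)
if [ "${1:-}" = "apply" ]; then
    start_natd
    add_rules
fi
```

Run with RUN=echo first to review the exact natd and ipfw commands before applying them.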