From owner-freebsd-questions@FreeBSD.ORG Tue Dec 22 17:08:14 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2128A1065697 for ; Tue, 22 Dec 2009 17:08:14 +0000 (UTC) (envelope-from igorr@canmos.ru) Received: from sta1.canmos.ru (sta1.canmos.ru [89.107.124.11]) by mx1.freebsd.org (Postfix) with ESMTP id 9CC0D8FC28 for ; Tue, 22 Dec 2009 17:08:13 +0000 (UTC) Received: from sta1.canmos.ru (sta1.canmos.ru [89.107.124.11]) by sta1.canmos.ru (Postfix) with ESMTP id 9E0311279EC; Tue, 22 Dec 2009 20:08:12 +0300 (MSK) Date: Tue, 22 Dec 2009 20:08:12 +0300 (MSK) From: "Igor V. Ruzanov" To: tscolari@gmail.com In-Reply-To: Message-ID: References: <614b39480912220459l378faa15ufa7514ce2c1d5825@mail.gmail.com> <1265047402.20091222182427@yandex.ru> X-GPG-PUBLIC-KEY: 1024D/494AF6DC 2008-03-20 Igor V. Ruzanov X-GPG-FINGERPRINT: A723 B6CC 11ED A4E2 1909 C4DC 6EDE 9089 494A F6DC MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="1800997756-1722061064-1261501692=:24683" Cc: freebsd-questions@freebsd.org Subject: Re: Help with ipfw please X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Dec 2009 17:08:14 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --1800997756-1722061064-1261501692=:24683 Content-Type: TEXT/PLAIN; charset=koi8-r Content-Transfer-Encoding: QUOTED-PRINTABLE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 22 Dec 2009, Igor V. Ruzanov wrote: |-----BEGIN PGP SIGNED MESSAGE----- |Hash: SHA1 | |On Tue, 22 Dec 2009, =EB=CF=CE=D8=CB=CF=D7 =E5=D7=C7=C5=CE=C9=CA wrote: | ||=FA=C4=D2=C1=D7=D3=D4=D7=D5=CA=D4=C5, Tiago. || ||=F7=D9 =D0=C9=D3=C1=CC=C9 22 =C4=C5=CB=C1=C2=D2=D1 2009 =C7., 14:59:50: || ||T> Im trying to add a basic rule in my ipfw. ||T> My server has 2 network address, one for external access (x.x.x.x) and= other ||T> for the local network(y.y.y.y). ||T> The mysql is binded to the local network, but I would like to allow my= home ||T> computer (z.z.z.z) to connect to the mysql by the external ip. ||T> so basicaly im trying to do is: if request comes from z.z.z.z to ||T> y.y.y.y:3306 redirect to x.x.x.x:3306 ||T> I tryed some configuration but I ended locked outside the machine... || ||You need -redirect_port ||man natd: | |Also it could be done at kernel-level with ipnat. Simple rule doing=20 |something like DNAT looks like (/etc/ipnat.conf): | |rdr z.z.z.z port 3306 -> x.x.x.x port 3306 tcp Oh sorry! z.z.z.z necessary to replace with x.x.x.x from your task=20 (external IP), and x.x.x.x by y.y.y.y from your task (private IP). +-------------------------------------------+ ! CANMOS ISP Network ! +-------------------------------------------+ ! Best regards ! ! Igor V. Ruzanov, network operational staff! ! e-Mail: igorr@canmos.ru ! +-------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFLMPz8bt6QiUlK9twRApFzAJ9OPj1QP/Asxen3aprWPFtTaxT6AwCfcjZc C42ztGPXSqJRP3LeZ9zK/Ok=3D =3DZZvR -----END PGP SIGNATURE----- --1800997756-1722061064-1261501692=:24683--