Date: Thu, 16 Jul 1998 14:58:41 +0100
From: Richard Smith <richard@jezebel.demon.co.uk>
To: Thomas David Rivers <rivers@dignus.com>
Cc: freebsd-hackers@freefall.cdrom.com
Subject: Re: ipfw rules for exposing an internal machine's port externally?
Message-ID: <35AE0711.D86870C9@jezebel.demon.co.uk>
References: <199807161205.IAA01215@lakes.dignus.com>
Thomas David Rivers wrote:
>
> I sent the following to freebsd-questions; but nothing has come of it,
> so I thought, perhaps, freebsd-hackers might be a better forum...
>
> - Thanks -
> - Dave Rivers -
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> I thought I should be able to do this; but it doesn't
> seem to work well. Perhaps someone knows what I've got wrong here.
>
> What I have is a machine "X" which is on the external network
> and through which I divert all internal traffic on the 10.0.0.x
> network via ipfw/natd, as in:
>
> ipfw add 100 divert 32000 ip from any to any via sl0
>
> However, I have an internal machine (10.0.0.10) that's set up
> to do telnet connections on a different port (e.g. port #PPPP in
> the following example.)
>
> I would like to make those connections available externally.
>
> So I've added:
>
> ipfw add 50 pass log tcp from any PPPP to 10.0.0.10 PPPP
> ipfw add 50 pass log udp from any PPPP to 10.0.0.10 PPPP
>
> But, if I telnet to the gateway machine at port PPPP as in:
> telnet gateway PPPP
> all I get is:
> Trying x.x.x.x...
> telnet: Unable to connect to remote host: Connection refused
>
> If I, however, telnet on the internal network to 10.0.0.10 PPPP
> I get connected just fine.
>
> Has anyone done this before? That is, map a particular port number
> on one machine to a different one? And, use that with divert to
> make a service on an internal machine externally visible? If so, how?
>
> - Thanks -
> - Dave Rivers -
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
Dave,
You need to add a static mapping from the #PPPP port on your firewall to
the #PPPP port on 10.0.0.10. Add '-redirect_port tcp 10.0.0.10:PPPP
PPPP' to the 'natd' command line, and open up your firewall with
something like:
$fwcmd add pass tcp from any to ${oip} PPPP setup
$fwcmd add pass tcp from any to 10.0.0.10 PPPP setup
Bye,
--
Richard Smith
Assistant Chief Engineer
TRL Technology Limited
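Worked example of the setup Richard describes, added here and not part of the original thread. It generates the natd command line with the static -redirect_port mapping and an ipfw rule set in the style of the rc.firewall "simple" template that ${oip} and $fwcmd in the reply come from, then checks the rule ordering before anything is loaded. The values 2323 (standing in for PPPP) and 192.0.2.1 (standing in for ${oip}) are assumed placeholders; sl0, 10.0.0.10 and divert port 32000 are taken from the thread. Only the rules the redirect needs are shown; the rest of a real set (loopback, ICMP, UDP for DNS) is omitted. The ordering matters: the rules in the question sit before the divert rule and match on the source port, and with no natd mapping the SYN for the gateway's own PPPP reaches the gateway's TCP stack, where nothing listens, hence "Connection refused".

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD. Builds (and with
# APPLY=1 runs) the natd invocation and ipfw rules that expose SVC_HOST:SVC_PORT
# on the gateway's external address. All defaults below are placeholders except
# sl0, 10.0.0.10 and 32000, which come from the question.
NAT_IF="${NAT_IF:-sl0}"               # external interface (oif in rc.firewall)
NAT_IP="${NAT_IP:-192.0.2.1}"         # gateway external address (oip); assumed value
SVC_HOST="${SVC_HOST:-10.0.0.10}"     # internal machine offering the service
SVC_PORT="${SVC_PORT:-2323}"          # stands in for PPPP; assumed value
DIVERT_PORT="${DIVERT_PORT:-32000}"   # divert port shared by natd and rule 100

# natd command line. -redirect_port takes "proto target_ip:target_port alias_port":
# a TCP connection arriving at the gateway on alias_port is rewritten to
# target_ip:target_port before natd hands the packet back to ipfw.
natd_cmd() {
    printf 'natd -p %s -n %s -redirect_port tcp %s:%s %s\n' \
        "$DIVERT_PORT" "$NAT_IF" "$SVC_HOST" "$SVC_PORT" "$SVC_PORT"
}

# Rule set in evaluation order. The divert rule comes first: a packet natd has
# rewritten re-enters ipfw at the rule after the divert, so the pass rule for
# SVC_HOST is the one that admits the redirected SYN. "setup" limits the pass
# rules to connection-opening SYNs; "established" carries accepted sessions.
# Rule 500 refuses every other inbound SYN on NAT_IF, so the gateway and the
# service host are reachable from outside only on SVC_PORT.
fw_rules() {
    cat <<EOF
ipfw -f flush
ipfw add 100 divert $DIVERT_PORT ip from any to any via $NAT_IF
ipfw add 200 pass tcp from any to any established
ipfw add 300 pass tcp from any to $NAT_IP $SVC_PORT setup
ipfw add 310 pass tcp from any to $SVC_HOST $SVC_PORT setup
ipfw add 500 deny log tcp from any to any in via $NAT_IF setup
ipfw add 510 pass tcp from any to any setup
ipfw add 65000 deny log ip from any to any
EOF
}

# Checks to run on the generated set before loading it:
#  1. the divert rule precedes the pass rule for SVC_HOST,
#  2. unsolicited inbound SYNs on NAT_IF are denied before the catch-all setup rule,
#  3. no pass rule admits SVC_HOST on a port other than SVC_PORT.
check_rules() {
    rules=$(fw_rules)
    divert_ln=$(printf '%s\n' "$rules" | grep -n ' divert ' | head -n 1 | cut -d: -f1)
    pass_ln=$(printf '%s\n' "$rules" | grep -n "to $SVC_HOST $SVC_PORT setup" | head -n 1 | cut -d: -f1)
    deny_ln=$(printf '%s\n' "$rules" | grep -n "deny log tcp from any to any in via $NAT_IF setup" | cut -d: -f1)
    catch_ln=$(printf '%s\n' "$rules" | grep -n 'pass tcp from any to any setup' | cut -d: -f1)
    [ -n "$divert_ln" ] && [ -n "$pass_ln" ] && [ "$divert_ln" -lt "$pass_ln" ] || return 1
    [ -n "$deny_ln" ] && [ -n "$catch_ln" ] && [ "$deny_ln" -lt "$catch_ln" ] || return 1
    printf '%s\n' "$rules" | grep "pass .* to $SVC_HOST " \
        | grep -v " $SVC_HOST $SVC_PORT setup" | grep -q . && return 1
    return 0
}

# Print by default; APPLY=1 starts natd first (it must be listening on the
# divert port before rule 100 is loaded) and then loads the rules.
if [ "${APPLY:-0}" = 1 ]; then
    check_rules || { echo "rule set failed checks, not applying" >&2; exit 1; }
    natd_cmd | sh
    fw_rules | sh
else
    natd_cmd
    fw_rules
fi
```

The kernel needs options IPFIREWALL and IPDIVERT, and net.inet.ip.forwarding must be 1 (gateway_enable in rc.conf) for the rewritten packet to be forwarded to 10.0.0.10. The rule for the external address is kept as in the reply; on the inbound path the redirected SYN has already been rewritten to 10.0.0.10 when it reaches the pass rules, which is why rule 310 is the one that must exist and why it is the only rule that may name the internal host.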
