Date:      Mon, 14 Feb 2000 21:02:06 -0800
From:      "Fred J. Lomas" <aj@8hill.com>
To:        <cjclark@home.com>
Cc:        <freebsd-questions@freebsd.org>
Subject:   RE: Natd, ipfw, & redirect_port
Message-ID:  <LPBBKHJOEEAHCKOFDBKFKEBBCAAA.aj@8hill.com>
In-Reply-To: <20000214221327.D41631@cc942873-a.ewndsr1.nj.home.com>

Hi,

I am trying to get my game server, which I have on my NT network, online.
I have a web server that is running BSD 2.2.7; the kernel has been tweaked
to do what it needs, but it has the standard IPFW and natd stuff. I want to
be able to access my NT box through a terminal connection from the Internet,
and I want to put my game server, which is on my NT box, online. That goes
out on port 27015. I want to be able to direct traffic from my WAN
connection to that port and access my game server. I have no idea where to
start or what files I need to edit. I tried to go into the files I saw in
this post, but they're all encrypted. I have full access to this web server
and can do whatever I need to do to it, so if you or anyone can help, please
let me know, or if you need more info... thanks

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Crist J. Clark
Sent: Monday, February 14, 2000 7:13 PM
To: Brent Kearney
Cc: FreeBSD Questions
Subject: Re: Natd, ipfw, & redirect_port


On Mon, Feb 14, 2000 at 01:03:26PM -0800, Brent Kearney wrote:
>
> I know this is covered by previous posts, but the archive is still
> not back up, and I can't wait any longer.
>
> I'm running FreeBSD 3.4 on an x86, with NATd & two NICs.  I'm trying
> to forward all connections to a particular port on the outside
> machine, to a particular port on an inside machine (for ssh). I've
> done this before (under 3.2 I think), and I don't remember it being
> difficult at all.  However, it's not working.
>
> Here's my natd rc.conf line:
>
> natd_flags="-n pn0 -m -log_denied -f /etc/natd.conf"
>
> And my natd.conf:
>
> redirect_port tcp Plato:22 2200
> redirect_port udp Plato:22 2200
>
> One difference between my old setup (3.2) and the new one, is that now
> I have default_to_accept disabled, so my firewall rules are quite a
> bit tighter.  However, because one of the first rules passes all IP
> traffic to natd, do I need anything else?
>
> I tried this, to no avail, anyways (from rc.firewall):
>
> Allow connections to port 2200 for ssh access to Plato
>     $fwcmd add pass tcp from any to any 2200 setup
>     $fwcmd add pass udp from any to any 2200
>
> Any connection attempts to port 2200 just sit there.  I know the
> problem is not on the internal machine (Plato), because computers on
> the LAN have no problem connecting with ssh to it.

Could we see all of the rules ('ipfw list' output)? However, I might
guess what is going on.

You said that the natd(8) divert(4) occurs at one of the first
rules. Then farther down, you have the 2200 rules shown above. But
the packets have already been through NAT. The packet that came in
destined for the NATd box's external IP and port 2200 has a
destination of plato and port 22 by the time it hits this rule. It
will not pass this rule.
--
Crist J. Clark                           cjclark@home.com
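
The rule-ordering effect described in the reply above, as an added example that is not part of the original thread: a small Python model of ipfw first-match evaluation with an early natd divert rule. The addresses, rule numbers and the `POST_NAT` ruleset are constructed assumptions; the model ignores interfaces and the `setup` keyword.

```python
# Minimal model of ipfw first-match evaluation with a natd divert rule.
# Addresses and rule numbers are constructed for illustration.
from dataclasses import dataclass, replace

EXT_IP = "192.0.2.1"   # constructed: NAT box external address
PLATO = "10.0.0.2"     # constructed: internal host "Plato"

@dataclass(frozen=True)
class Packet:
    proto: str
    dst_ip: str
    dst_port: int

# Mirrors the thread's natd.conf line: redirect_port tcp Plato:22 2200
REDIRECTS = {("tcp", 2200): (PLATO, 22)}

def natd(pkt):
    """Rewrite an inbound packet's destination as redirect_port would."""
    if pkt.dst_ip == EXT_IP and (pkt.proto, pkt.dst_port) in REDIRECTS:
        ip, port = REDIRECTS[(pkt.proto, pkt.dst_port)]
        return replace(pkt, dst_ip=ip, dst_port=port)
    return pkt

def evaluate(rules, pkt):
    """Walk rules in order; return (verdict, number of the deciding rule)."""
    for num, action, proto, dst_ip, dst_port in rules:
        if action == "divert":
            pkt = natd(pkt)   # packet re-enters at the next rule, rewritten
            continue
        if (proto in ("all", pkt.proto) and dst_ip in ("any", pkt.dst_ip)
                and dst_port in (None, pkt.dst_port)):
            return action, num
    return "deny", 65535      # default rule with default_to_accept disabled

# Ruleset shape described in the thread: divert first, port-2200 pass later.
ORIGINAL = [
    (100, "divert", "all", "any", None),
    (500, "pass", "tcp", "any", 2200),
]
# Constructed alternative: match the post-NAT destination instead.
POST_NAT = [
    (100, "divert", "all", "any", None),
    (500, "pass", "tcp", PLATO, 22),
]

inbound = Packet("tcp", EXT_IP, 2200)

if __name__ == "__main__":
    print("original:", evaluate(ORIGINAL, inbound))
    print("post-NAT:", evaluate(POST_NAT, inbound))
```

With the original ordering the packet falls through to the default deny, which matches the reported symptom of connections that "just sit there"; a pass rule written against the translated destination is the one that matches.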


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message