Date: Wed, 05 Dec 2001 10:58:52 +0300
From: Dmitriy Kyrhlarov <dimma@electromir.ru>
To: Vladimir Pianykh <fox@vl7.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw
Message-ID: <3C0DD3BC.9F8607C0@electromir.ru>
References: <8440AF63646E92A9C3256B19000DC77B.000DC7A5C3256B19@electromir.ru>

Hi!

When you write:

    ipfw add 0900 divert 8887 ip from any to any via $ext_i

all packets go to this natd, and your rules 1000, 1100, 1500, 1600 do not work.

You need to write:

    ipfw add 1900 divert 8887 ip from any to any via $ext_i

i.e. this rule must go _after_ the web & mail diverts.

Sorry for my English, and sorry if it is not a security question.

Bye.
Dmitriy

Vladimir Pianykh wrote:
>
> Hi!
>
> I tried to make port forwarding to a server in the internal network, and NAT for
> users in the same network. Just port forwarding is working fine, but if I
> enable masquerade for the internal network, I'm losing connection to the redirected
> servers.
>
> What is wrong in my script?
>
> Thank you.
>
> out=192.168.2.1
> ext_i=ep0
> int_serv_1=192.168.1.1
> port_1=80
> int_serv_2=192.168.1.2
> port_2=25
>
> ########################## forwarding ###############################
>
> ipfw add 1000 divert 8888 tcp from any to $out $port_1 via $ext_i
> ipfw add 1100 divert 8888 ip from $int_serv_1 to any via $ext_i
> natd -p 8888 -n $ext_i -redirect_port tcp $int_serv_1:$port_1 $port_1
>
> #--------------------------------------------------------------------
>
> ipfw add 1500 divert 8889 tcp from any to $out $port_2 via $ext_i
> ipfw add 1600 divert 8889 ip from $int_serv_2 to any via $ext_i
> natd -p 8889 -n $ext_i -redirect_port tcp $int_serv_2:$port_2 $port_2
>
> ############################ NAT ####################################
>
> ipfw add 0900 divert 8887 ip from any to any via $ext_i
> natd -p 8887 -n $ext_i
>
> ipfw add 65000 allow ip from any to any
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
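
The ordering point made in the reply above, as an added example that is not part of the original e-mails: a small shell model that evaluates the thread's divert rules in ascending rule-number order and reports which divert port a packet reaches first. The rule table, the `first_divert` helper and the sample addresses 203.0.113.7 and 192.168.1.50 are constructed for illustration; the model assumes every packet crosses `ep0` and does not cover what natd does with the packet or reinjection.

```shell
#!/bin/sh
# Constructed model of the rule set quoted in the thread (not ipfw output).
# Variables are expanded with the values from the quoted script.
# Fields: rule-number divert-port proto src dst dport ("any" is a wildcard)
RULES_ORIGINAL='1000 8888 tcp any 192.168.2.1 80
1100 8888 ip 192.168.1.1 any any
1500 8889 tcp any 192.168.2.1 25
1600 8889 ip 192.168.1.2 any any
0900 8887 ip any any any'

# Same rules with the catch-all renumbered to 1900, as the reply suggests.
RULES_REORDERED=$(printf '%s\n' "$RULES_ORIGINAL" | sed 's/^0900 /1900 /')

# field_matches RULE_VALUE PACKET_VALUE: "any" in a rule matches everything.
field_matches() {
    [ "$1" = "any" ] || [ "$1" = "$2" ]
}

# first_divert RULES PROTO SRC DST DPORT
# Prints "<rule number> <divert port>" for the lowest-numbered matching rule.
# The order the rules were added in does not matter, only their numbers.
first_divert() {
    printf '%s\n' "$1" | sort -n | while read -r num port proto src dst dport; do
        # "ip" in a rule matches every protocol
        [ "$proto" = "ip" ] || [ "$proto" = "$2" ] || continue
        field_matches "$src" "$3" || continue
        field_matches "$dst" "$4" || continue
        field_matches "$dport" "$5" || continue
        echo "$num $port"
        break
    done
}

# Inbound web request from an outside host (constructed address).
echo "original:  $(first_divert "$RULES_ORIGINAL" tcp 203.0.113.7 192.168.2.1 80)"
echo "reordered: $(first_divert "$RULES_REORDERED" tcp 203.0.113.7 192.168.2.1 80)"
# Ordinary internal client going out (constructed address).
echo "client:    $(first_divert "$RULES_REORDERED" tcp 192.168.1.50 203.0.113.7 443)"
```
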