From: Dmitriy Kyrhlarov
Date: Wed, 05 Dec 2001 10:58:52 +0300
To: Vladimir Pianykh
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw
Message-ID: <3C0DD3BC.9F8607C0@electromir.ru>

Hi!

When you write:

ipfw add 0900 divert 8887 ip from any to any via $ext_i

all packets go to this natd, and your rules 1000, 1100, 1500, 1600 do not work. You need to write:

ipfw add 1900 divert 8887 ip from any to any via $ext_i

i.e. this rule must go _after_ the web & mail diverts.

Sorry for my English, and sorry if it is not a security question.

Bye.
Dmitriy

Vladimir Pianykh wrote:
>
> Hi!
>
> I tried to make port forwarding to a server in the internal network, and NAT for
> users in the same network. Just port forwarding is working fine, but if I
> enable masquerading for the internal network, I'm losing connection to the redirected
> servers.
>
> What is wrong in my script?
>
> Thank you.
>
> out=192.168.2.1
> ext_i=ep0
> int_serv_1=192.168.1.1
> port_1=80
> int_serv_2=192.168.1.2
> port_2=25
>
> ########################## forwarding ###############################
>
> ipfw add 1000 divert 8888 tcp from any to $out $port_1 via $ext_i
> ipfw add 1100 divert 8888 ip from $int_serv_1 to any via $ext_i
> natd -p 8888 -n $ext_i -redirect_port tcp $int_serv_1:$port_1 $port_1
>
> #--------------------------------------------------------------------
>
> ipfw add 1500 divert 8889 tcp from any to $out $port_2 via $ext_i
> ipfw add 1600 divert 8889 ip from $int_serv_2 to any via $ext_i
> natd -p 8889 -n $ext_i -redirect_port tcp $int_serv_2:$port_2 $port_2
>
> ############################ NAT ####################################
>
> ipfw add 0900 divert 8887 ip from any to any via $ext_i
> natd -p 8887 -n $ext_i
>
> ipfw add 65000 allow ip from any to any

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
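The rule set from the thread with the fix Dmitriy describes applied (catch-all divert renumbered from 0900 to 1900 so it is evaluated after the per-server redirect diverts), written up as a loadable script. This is an added example, not code from either mail: the addresses, interface, ports and natd flags are the ones Vladimir posted, the rule number 1900 is Dmitriy's suggestion, and the APPLY switch and the run/load_rules/emit_rules/check_order names are assumptions of this example. By default the script only prints the commands it would run; set APPLY=1 to execute the real ipfw and natd invocations.

```shell
#!/bin/sh
# Added example (not from the original thread): the posted rule set with the
# catch-all NAT divert moved after the redirect diverts. ipfw is first-match,
# so a low-numbered 'divert ... ip from any to any' swallows every packet
# before the more specific rules are ever consulted.
#
# Values below are the ones from the posted script; APPLY and the function
# names are assumptions of this example.

out=192.168.2.1
ext_i=ep0
int_serv_1=192.168.1.1
port_1=80
int_serv_2=192.168.1.2
port_2=25

# Run the command for real only when APPLY=1; otherwise print it for review.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

load_rules() {
    # Redirect diverts first: each natd instance owns one published port.
    run ipfw add 1000 divert 8888 tcp from any to "$out" "$port_1" via "$ext_i"
    run ipfw add 1100 divert 8888 ip from "$int_serv_1" to any via "$ext_i"
    run natd -p 8888 -n "$ext_i" -redirect_port tcp "$int_serv_1:$port_1" "$port_1"

    run ipfw add 1500 divert 8889 tcp from any to "$out" "$port_2" via "$ext_i"
    run ipfw add 1600 divert 8889 ip from "$int_serv_2" to any via "$ext_i"
    run natd -p 8889 -n "$ext_i" -redirect_port tcp "$int_serv_2:$port_2" "$port_2"

    # Catch-all NAT for the rest of the internal network comes LAST (1900,
    # not 0900): it must only see packets the redirect rules did not claim.
    run ipfw add 1900 divert 8887 ip from any to any via "$ext_i"
    run natd -p 8887 -n "$ext_i"

    run ipfw add 65000 allow ip from any to any
}

# Always-dry-run view of the rule set, used for checking.
emit_rules() {
    ( APPLY=0; load_rules )
}

# Ordering invariant: the catch-all 'ip from any to any' divert must carry a
# higher rule number than every redirect divert. Returns 0 when that holds.
check_order() {
    rules=$(emit_rules | awk '$1=="ipfw" && $4=="divert" {print $3, $6, $8, $10}')
    catchall=$(printf '%s\n' "$rules" | awk '$2=="ip" && $3=="any" && $4=="any" {print $1}')
    last_redirect=$(printf '%s\n' "$rules" \
        | awk '!($2=="ip" && $3=="any" && $4=="any") {print $1}' | sort -n | tail -1)
    [ -n "$catchall" ] && [ -n "$last_redirect" ] && [ "$last_redirect" -lt "$catchall" ]
}

# Print the rule set (or, with APPLY=1, load it).
load_rules
```

Usage: `sh nat-rules.sh` prints the commands in load order; `APPLY=1 sh nat-rules.sh` executes them. After loading, `ipfw -a list` shows per-rule packet counters; if the counters on 1000 and 1500 stay at zero while 1900 climbs, the catch-all divert has slipped in front of the redirects again.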