Date: Sun, 28 Jan 2001 07:04:20 -0800
From: "DINKEY,GENE (HP-Loveland,ex1)" <gene_dinkey@hp.com>
To: "'Marius M. Rex'" <marius@mail.communityconnect.com>, questions@freeBSD.org
Subject: RE: IPfwd
Message-ID: <F341E03C8ED6D311805E00902761278C531546@xfc04.fc.hp.com>
> -----Original Message-----
> From: Marius M. Rex [mailto:marius@mail.communityconnect.com]
> Sent: Saturday, January 27, 2001 10:55 PM
> To: questions@freeBSD.org
> Subject: IPfwd
>
> I have a little home network on which I run ipfw and nat. My significant
> other wants to participate in napster, so I wrote a firewall rule so she
> could do so. She can now sit at her computer, connect, and download
> songs. I have a dynamic ip address, so I wrote it thusly.
>
> $fwcmd add 1500 pass tcp from any to any 6699 in via ${oif}
>
> But of course, no one can connect to her computer and download songs
> from her. She has an ip address that is translated by NAT into the one ip
> address that I have, on the FreeBSD box. An unsolicited outside
> connection is not supposed to be able to set up a connection.
> But she wants to be able to give back. So I thought I would just forward
> that port. She is the only one who uses Napster; it seemed fairly
> reasonable. So I rechecked with Napster, and confirmed that it should
> answer requests for downloads from 6699.
>
> $fwcmd add 1501 fwd 10.0.0.3 tcp from any to any 6699
>
> This looks to me like it should forward all traffic from port 6699 to her
> machine, 10.0.0.3. But still no one can download music from her. Am I
> forwarding it wrong? The syntax is valid, I know that. Here are my
> current stats:
>
> FreeBSD milux.ny.home 3.5-STABLE FreeBSD 3.5-STABLE #8: Sat Jan 27
> 14:58:50 EST 2001 marius@milux.ny.home:/usr/src/sys/compile/MILUX i386
>
> packet forwarding is compiled in the kernel. From my dmesg:
>
> IP packet filtering initialized, divert enabled, rule-based forwarding
> enabled, default to accept, logging limited to 100 packets/entry by
> default
>
> Any clues to what I am doing wrong? (I know, gotta cvsup soon, I read the
> security advisement about ipfw.)
A better way to set that up is through natd - in your config file add

redirect_port tcp x.x.x.x:6699 6699
redirect_port udp x.x.x.x:6699 6699 # (and I'm not sure if Napster requires udp)

This will tell natd to pass packets back to any particular machine. I'm not sure if natd will allow you to specify a subnet so all systems can participate on Napster using the same data port. If not you can always set up the same thing for another system but use a different data port. That's how I took care of it.

Gene
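A complete natd plus ipfw setup along the lines Gene describes, as an added example rather than anything posted in the thread: it assumes xl0 as the outside interface (placeholder), keeps the poster's 10.0.0.3 and port 6699, and prints the ipfw commands as a dry run unless fwcmd is pointed at /sbin/ipfw.

```shell
#!/bin/sh
# Added example, not from the thread: natd port redirection for one inside
# host plus the ipfw rule order it relies on. Assumed: outside interface
# xl0 (placeholder), inside host 10.0.0.3 and port 6699 from the question.
oif="xl0"                 # placeholder for the interface with the dynamic address
inside_host="10.0.0.3"
port="6699"

# natd(8) config. 'dynamic yes' lets natd follow a changing address on
# the interface; redirect_port exposes port 6699 of the one inside host
# to unsolicited inbound TCP, and nothing else on the LAN.
natd_conf() {
    cat <<EOF
interface ${oif}
dynamic yes
use_sockets yes
same_ports yes
redirect_port tcp ${inside_host}:${port} ${port}
EOF
}

# ipfw rules, printed as a dry run unless fwcmd is set to /sbin/ipfw.
# Order matters: the divert rule runs first, natd rewrites the inbound
# destination to ${inside_host}:${port}, and the pass rule then matches on
# that inside address instead of "any". An ipfw 'fwd' rule cannot do this
# job: it changes the next hop but leaves the destination address alone.
firewall_rules() {
    fwcmd="${fwcmd:-echo ipfw}"
    ${fwcmd} add 1000 divert natd ip from any to any via "${oif}"
    ${fwcmd} add 1500 pass tcp from any to "${inside_host}" "${port}" in via "${oif}" setup
    ${fwcmd} add 1501 pass tcp from any to any established
}

# Returns 0 only if the divert rule precedes the first pass rule in the
# output; a cheap check to run before loading the ruleset for real.
check_order() {
    firewall_rules | awk '/divert natd/ {d=NR} /pass tcp/ && !p {p=NR} END {exit !(d && p && d < p)}'
}
```

Running the script with fwcmd=/sbin/ipfw as root on a kernel built with IPDIVERT loads the rules; natd_conf can be redirected into the file named by natd_flags="-f ..." in rc.conf.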