From: "Budec"
To: "Ronnie Clark", "'Budec'", "'FreeBSD-questions list'"
Date: Mon, 12 Jan 2004 20:14:45 -0600
Subject: RE: Port forwarding

Thanks for the reply. I'm using the default 'rc.firewall' and in the /etc/rc.config I have it set up to use "OPEN".

From what I can tell, it looks like I'm passing everything by default...
Here is a snip of the config (not all of the /etc/rc.firewall file, just the OPEN parts)

[snip]
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac
esac
[snip]
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
    # bud
    #${fwcmd} add count log tcp from any to any setup
    #${fwcmd} add count log udp from any to any keep-state

    # clients
    # ${fwcmd} add allow tcp from any to 192.168.17.1 5121 keep-state
    # ${fwcmd} add allow udp from any to 192.168.17.1 5121 keep-state
    # ${fwcmd} add allow tcp from any to 192.168.17.25 5121 keep-state
    # ${fwcmd} add allow udp from any to 192.168.17.25 5121 keep-state

    # Gamespy
    # ${fwcmd} add allow udp from 192.168.17.1 5121 to 216.177.89.34 27900 keep-state
    # ${fwcmd} add allow udp from 192.168.17.1 5121 to 66.244.193.142 5121 keep-state
    # ${fwcmd} add allow udp from 192.168.17.25 5121 to 216.177.89.34 27900 keep-state
    # ${fwcmd} add allow udp from 192.168.17.25 5121 to 66.244.193.142 5121 keep-state

    ${fwcmd} add 65000 pass all from any to any
    ;;

'pass all from any to any' should do it, right?

Regards,
Jack

> -----Original Message-----
> From: Ronnie Clark [mailto:ronnie@txnetsecurity.com]
> Sent: Monday, January 12, 2004 8:14 PM
> To: 'Budec'; 'FreeBSD-questions list'
> Subject: RE: Port forwarding
>
> Jack,
>
> What do our firewall rules look like? Is there a rule to allow 5122 traffic
> into the outside interface?
>
> Just a thought,
> Ron Clark
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Budec
> Sent: Monday, January 12, 2004 7:50 PM
> To: 'FreeBSD-questions list'
> Subject: Port forwarding
>
> Hello,
>
> I have been trying to get this working for days and am obviously doing
> something wrong and was wondering if any gurus out there could give a
> little guidance.
> Basically I'm looking to run a game server behind a FreeBSD firewall.
> Here is my setup:
>
> {internet} <-> [public address] - Firewall <-> (internal address) Game server
>
> Let's say public address is 1.2.3.4 and private address is 192.168.17.25,
> port is 5122.
>
> In the /etc/rc.conf I set the firewall policy to "OPEN" and enabled natd. I
> gave it the natd options of "-f /etc/natd.conf"... for "ipnat" I have that
> set to "NO" (not sure what it does).
>
> In the natd.conf file I have this:
>
> redirect_port tcp 192.168.17.25:5122 5122
> redirect_port udp 192.168.17.25:5122 5122
>
> I restart natd and theoretically everything that hits 1.2.3.4 on port 5122
> should be automatically redirected to 192.168.17.25 port 5122, right?
>
> I have also tried this (since the public interface is aliased (has more than
> one public address associated with it)):
>
> redirect_port tcp 192.168.17.25:5122 1.2.3.4:5122
> redirect_port udp 192.168.17.25:5122 1.2.3.4:5122
>
> Which doesn't seem to work either. Any ideas?
>
> Regards,
> Jack
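
Added example, not part of the original thread: a small sh/awk helper that summarises the redirect_port entries of a natd.conf-style file, so each forward (and whether it is open to any source) can be reviewed next to the firewall rules. The function names and the third sample entry (port 5123, remote 203.0.113.7) are assumptions made for illustration; the entry layout follows natd(8).

```sh
#!/bin/sh
# Entry layout per natd(8):
#   redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]

# Constructed sample input. The first two entries are the two forms quoted in
# the message; the third is a hypothetical entry limited to one remote host.
sample_conf() {
    cat <<'EOF'
# game server
redirect_port tcp 192.168.17.25:5122 5122
redirect_port udp 192.168.17.25:5122 1.2.3.4:5122
redirect_port tcp 192.168.17.25:5122 1.2.3.4:5123 203.0.113.7
EOF
}

# Print one line per forward: proto, public side, internal target, allowed source.
# $1 = path of the file to read
list_forwards() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    $1 == "redirect_port" && NF >= 4 {
        pub = $4
        # No aliasIP given: natd uses its default alias address, shown as "*"
        if (index(pub, ":") == 0) pub = "*:" pub
        # No remote field: the forward accepts any source address
        src = (NF >= 5) ? $5 : "any"
        printf "%s %s -> %s from %s\n", $2, pub, $3, src
    }' "$1"
}

# Count forwards that are reachable from any remote address.
count_unrestricted() {
    list_forwards "$1" | grep -c ' from any$' || true
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && list_forwards "$tmp"
rm -f "$tmp"
```

With the "OPEN" firewall type, every forward reported as "from any" is reachable by any host that can reach the public address.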