From owner-freebsd-questions  Sat Apr 17 13:20:10 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from cartman.techzone.cx (edtn002932.hs.telusplanet.net [161.184.147.138])
	by hub.freebsd.org (Postfix) with ESMTP id 2A1431543D
	for <questions@freebsd.org>; Sat, 17 Apr 1999 13:20:07 -0700 (PDT)
	(envelope-from rbi@techzone.cx)
Received: from localhost (rbi@localhost)
	by cartman.techzone.cx (8.9.2/8.9.2) with ESMTP id OAA06544
	for <questions@freebsd.org>; Sat, 17 Apr 1999 14:15:02 -0600 (MDT)
	(envelope-from rbi@techzone.cx)
X-Authentication-Warning: cartman.techzone.cx: rbi owned process doing -bs
Date: Sat, 17 Apr 1999 14:15:02 -0600 (MDT)
From: Will Downs <rbi@techzone.cx>
To: questions@freebsd.org
Subject: ipnat port rdr question.
In-Reply-To: <3.0.3.32.19990418000256.0093a9b0@upn.net>
Message-ID: <Pine.BSF.4.05.9904171353510.6512-100000@cartman.techzone.cx>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm currently attempting to setup a FreeBSD firewall (running
3.1-RELEASE), i'm using ipnat to do network address translation. I
have several *nix boxes behind the firewall, that all access the network
perfectly using NAT.

What i'm attemping to do, is redirect request on a specific port to an
internal machine. I have created a ipnat.rules file that contain several
rules.

map ed1 192.xxx.xxx.xx2/32 -> 204.xxx.xxx.xxx/32
rdr ed0 0.0.0.0/0 port 4500 -> 192.xxx.xxx.xx3/0 port 23

The first map rule allows my internal machine to use NAT.
The second rule is where my problems come up.

If i telnet to that port, my session timeout. For some reason it's doesn't
seem to even attempt a connection to the internal machine. I belive i'm
missing some thing. 

I have relaxed my firewall rules while i'm trying to get this to work. So
that shouldn't be a problem.

This is how my network looks..

ed0 (204.xxx.xxx.xxx) external interface.
                      |(firewall)
ed1 (192.xxx.xxx.xx1) internal interface.
                      |
                      |
|---------------------|--------------------|
192.xxx.xxx.xx2   192.xxx.xxx.xx3    192.xxx.xxx.xx4

Any help would be greatly appreciated. If someone knows a doc or man that
could help me, that would be great aswell.

Thanks in advance.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message