From owner-freebsd-questions@FreeBSD.ORG Wed Oct 4 01:29:37 2006
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1DC5B16A40F for ; Wed, 4 Oct 2006 01:29:37 +0000 (UTC) (envelope-from freebsd@akruijff.dds.nl)
Received: from psmtp02.wxs.nl (psmtp02.wxs.nl [195.121.247.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9243443D45 for ; Wed, 4 Oct 2006 01:29:35 +0000 (GMT) (envelope-from freebsd@akruijff.dds.nl)
Received: from ip51cc8423.speed.planet.nl (ip51cc8423.speed.planet.nl [81.204.132.35]) by psmtp02.wxs.nl (iPlanet Messaging Server 5.2 HotFix 2.02 (built Oct 21 2004)) with ESMTP id <0J6L0014784L6E@psmtp02.wxs.nl> for freebsd-questions@freebsd.org; Wed, 04 Oct 2006 03:29:09 +0200 (MEST)
Received: from Alex1.kruijff.org (localhost [127.0.0.1]) by ip51cc8423.speed.planet.nl (8.13.6/8.13.6) with ESMTP id k941T9mM016927; Wed, 04 Oct 2006 03:29:09 +0200
Received: (from akruijff@localhost) by Alex1.kruijff.org (8.13.6/8.13.6/Submit) id k941T83W016926; Wed, 04 Oct 2006 03:29:08 +0200
Content-return: prohibited
Date: Wed, 04 Oct 2006 03:29:08 +0200
From: Alex de Kruijff
In-reply-to: <116211880.20060827130454@big12.ru>
To: Eugene Orlov
Message-id: <20061004012908.GA1742@Alex1.kruijff.org>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4.2.2i
X-Virus-Scanned: ClamAV 0.88.4/1991/Tue Oct 3 22:52:50 2006 on Alex1.kruijff.org
X-Virus-Status: Clean
References: <200608232337.k7NNbJT8032059@repoman.freebsd.org> <200608241520.47903.jhb@freebsd.org> <20060824194220.GA59229@submonkey.net> <200608241719.10921.jhb@freebsd.org> <116211880.20060827130454@big12.ru>
X-Authentication-warning: Alex1.kruijff.org: akruijff set sender to freebsd@akruijff.dds.nl using -f
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW + NATD rules
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd@akruijff.dds.nl
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Oct 2006 01:29:37 -0000

On Sun, Aug 27, 2006 at 01:04:54PM +0500, Eugene Orlov wrote:

> I'm a junior in FreeBSD, and I faced a problem.

You should know that others have mailers that are thread enabled. This means
that when you compose a new mail with the reply shortcut, others may not read
it, because it ends up in the list. I redirected the mail to questions@ because
this is not related to the stable development branch.

> I've a FreeBSD 6.1-stable box as a gate+firewall, and I want to divert
> incoming requests to my web-server, placed in DeMilitarized Zone
> (DMZ). To do this I wrote down settings in /etc/rc.conf as shown
> above:
>
> natd_flags="-redirect_port tcp 80 192.168.1.234 80"
> natd_flags="-redirect_poort tcp 443 192.168.1.234 443"

You probably can not have two lines.

> I think that all packets incoming from Internet will be diverted from
> the External interface via DMZ interface to my Web-server. Is it right?
> If not, why not, and what is the way to make it working?

Yes, but you made some mistakes:

1. You have two lines, where only one is allowed.
2. The file format is wrong: should be tcp forward_ip:port port
3. You made a typo
4. Did you setup ipfw?

I've done this with a separate config file.

firewall_enable="YES"
firewall_type="/etc/firewall.conf"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
natd_interface="fxp0"

/etc/firewall.conf contains:

add divert 8668 ip from any to any
(note: src_ip and dst_ip change here, so keep this in mind if you add rules)
add allow ip from any to any

/etc/natd.conf contains:

redirect_port tcp ip_to_goto:port local_port

Did you set up ipfw and direct packets to natd?
You also need to setup i

--
Alex

Please copy the original recipients, otherwise I may not read your reply.

Howtos based on my personal use, including information about setting up
a firewall and creating traffic graphs with MRTG
http://alex.kruijff.org/FreeBSD/
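An added example, not part of the original mail, that checks the two mistakes Alex points out: because /etc/rc.conf is sourced as sh, a second natd_flags= line silently replaces the first (so only the line with the typo would reach natd), and natd.conf redirect_port lines must use the proto targetIP:targetPORT aliasPORT form from natd(8). The rc.conf fragment is constructed from the thread; the lint function is an assumption about the simplest redirect_port form only.

```sh
#!/bin/sh
# Added example, not the original poster's or Alex's code. Shows (1) why two
# natd_flags= lines in rc.conf do not combine and (2) a lint for the simple
# "redirect_port proto targetIP:targetPORT aliasPORT" form from natd(8).

# Constructed rc.conf fragment with the duplicated assignment from the thread.
RC_FRAGMENT='natd_flags="-redirect_port tcp 80 192.168.1.234 80"
natd_flags="-redirect_poort tcp 443 192.168.1.234 443"'

# Evaluate the fragment the way rc(8) sources rc.conf and report what natd
# actually receives: only the last assignment (the one with the typo) survives.
effective_natd_flags() {
    natd_flags=""
    eval "$RC_FRAGMENT"
    printf '%s\n' "$natd_flags"
}

# Count assignments of variable $2 in file body $1; more than one means an
# earlier line is silently overridden.
count_assignments() {
    printf '%s\n' "$1" | grep -c "^[[:space:]]*$2="
}

# Lint redirect_port lines read from stdin. Port ranges and the optional
# aliasIP/remoteIP fields natd(8) also accepts are deliberately not handled.
# Returns 0 if every redirect_* line is well formed, 1 otherwise.
lint_natd_conf() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            redirect_port\ *)
                set -- $line            # $2 proto, $3 ip:port, $4 alias port
                [ $# -eq 4 ] || bad=1
                case "$2" in tcp|udp) ;; *) bad=1 ;; esac
                printf '%s' "$3" | grep -Eq '^[0-9]+(\.[0-9]+){3}:[0-9]+$' || bad=1
                printf '%s' "$4" | grep -Eq '^[0-9]+$' || bad=1
                ;;
            redirect_address\ *|redirect_proto\ *) ;;   # other valid keywords
            redirect_*) bad=1 ;;        # unknown keyword, e.g. redirect_poort
        esac
    done
    return $bad
}

# Stand-alone run: print the surviving flags, the assignment count, and lint
# the rc.conf-style argument order from the thread (not valid in natd.conf).
effective_natd_flags
printf 'natd_flags assignments: %s\n' "$(count_assignments "$RC_FRAGMENT" natd_flags)"
printf '%s\n' 'redirect_port tcp 80 192.168.1.234 80' | lint_natd_conf \
    || echo 'bad redirect_port line'
```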