Date:      Tue, 3 Nov 1998 16:12:00 -0800 (PST)
From:      Doug Junkins <junkins@foghead.com>
To:        James Snow <sno@flesh.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: natd and ipfw fwd
Message-ID:  <Pine.SUN.3.96.981103160508.22487E-100000@orcas>
In-Reply-To: <Pine.BSF.4.02A.9811031421220.27268-100000@silver.teardrop.org>

I've successfully used the following on a firewall/natd box doing what you
are attempting:

	% more /etc/natd.conf
	interface ed1
	redirect_port tcp 192.168.1.200:80 <external.fw.ip.addr>:80

	% more rc.firewall
	# Simple Firewall for use with natd
	#
	# First flush the firewall
	/sbin/ipfw -f flush
	#
	# Now divert stuff to natd for address translation
	#
	/sbin/ipfw add divert natd all from any to any via ed1
	#
	# Allow web traffic to inside web server
	#
	/sbin/ipfw add permit tcp from any to 192.168.1.200 80
	/sbin/ipfw add permit tcp from 192.168.1.200 80 to any
	/sbin/ipfw add permit tcp from <external.fw.ip.addr> 80 to any
	#

The trick that observing the ipfw failures in the syslog led me to was
that both the internal and the external address had to be allowed for
outbound packets.

-Doug

On Tue, 3 Nov 1998, James Snow wrote:

> 
> I seem to be having some trouble implementing the following:
> 
> I have a machine that performs NAT. My LAN is 10.0.0.x, and on the
> Internet side it's some.real.ip.addr.
> 
> The NAT machine is 10.0.0.10 internally. There is another Unix box at
> 10.0.0.2, which runs a web server.
> 
> What I would like to be able to do is transparently map port 80 on the
> machine with the real IP address to the machine at 10.0.0.2.
> 
> The impression that I've gotten from what I've read in the man pages for
> natd and ipfw is that this can be done. But all my attempts at doing it
> have failed. Everything appears to be in place, and then nothing happens. 
> 
> Rather than post how I've done this and try to troubleshoot it, could
> someone else detail for me how they have done this or might do this? I'm
> convinced that I've made some trivial error somewhere and I think if I
> stared at another implementation long enough, I might figure it out.
> 
> 
> Thanks,
> Bewildered,
> James Snow
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
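
Added example, not part of the original message: a simplified Python model of the ruleset above that traces why outbound web replies need both the internal and the external source address permitted. Assumptions: first-match rules with a default deny, divert re-injecting the packet at the next rule, an internal interface named ed0, and 203.0.113.1 standing in for <external.fw.ip.addr>.

```python
from dataclasses import dataclass, replace

EXT, WEB = "203.0.113.1", "192.168.1.200"   # EXT is a constructed placeholder
ANY = None

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

# (action, src, sport, dst, dport, via) in the order rc.firewall adds them
RULES = [
    ("divert", ANY, ANY, ANY, ANY, "ed1"),
    ("permit", ANY, ANY, WEB, 80, ANY),
    ("permit", WEB, 80, ANY, ANY, ANY),
    ("permit", EXT, 80, ANY, ANY, ANY),
]

def natd(pkt, direction):
    """Model of 'redirect_port tcp WEB:80 EXT:80' in each direction."""
    if direction == "in" and (pkt.dst, pkt.dport) == (EXT, 80):
        return replace(pkt, dst=WEB)
    if direction == "out" and (pkt.src, pkt.sport) == (WEB, 80):
        return replace(pkt, src=EXT)
    return pkt

def one_pass(pkt, iface, direction, rules):
    """One trip through the ruleset on one interface; returns (verdict, pkt)."""
    for action, src, sport, dst, dport, via in rules:
        fields = ((src, pkt.src), (sport, pkt.sport), (dst, pkt.dst),
                  (dport, pkt.dport), (via, iface))
        if any(want is not ANY and want != got for want, got in fields):
            continue
        if action == "divert":
            pkt = natd(pkt, direction)   # re-injected, continues at next rule
            continue
        return "permit", pkt
    return "deny", pkt                   # assumed default-deny final rule

def forward(pkt, in_if, out_if, rules=RULES):
    """Packet routed through the box: input pass, then output pass."""
    verdict, pkt = one_pass(pkt, in_if, "in", rules)
    if verdict == "permit":
        verdict, pkt = one_pass(pkt, out_if, "out", rules)
    return verdict, pkt
```

Calling forward() on a reply from 192.168.1.200:80 with the last rule dropped returns "deny" on the output pass, because natd has already rewritten the source to the external address by the time the permit rules are checked.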

