Date: Wed, 25 Aug 2004 09:07:14 +0100
From: fbsd-ipfw@0x10.com
To: patrick <patrick@esoltani.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: natd and ipfw problems...hope this is the rightplace=)
Message-ID: <E1BzsoM-00085W-98@mk-webmail-2.b2b.uk.tiscali.com>
In-Reply-To: <412BA814.9060406@esoltani.com>
References: <E1BzXfH-0003AQ-9n@mk-webmail-1.b2b.uk.tiscali.com> <412BA814.9060406@esoltani.com>

patrick writes:

> fbsd-ipfw@0x10.com wrote:
>> Diagram:
>>               .oO( Internet )Oo.
>>                      ||
>>                      ||
>>                [----DSL------]
>>                [ adsl router ]  <- No Nat
>>                [-------------]
>>                  |         |
>>                  |         |
>>                  |         |
>>                  B         A
>>        [--------WL-------] [---BSD---]
>> NAT -> [ wireless router ] [ bsd box ]
>>        [-----------------] [---------]
>>                                 X
>>             |       |           |
>>             |       |           |
>>             |       |___________|
>>                     Y
>>        [---------WEB--------]
>>        [ web server + media ]
>>        [--------------------]
>> IP Addresses:
>> A: External IP 82.*.*.A
>> B: External IP 82.*.*.B
>> X: Internal IP 192.168.1.101
>> Y: Internal IP 192.168.1.100
> Hi,
>
> How is the wireless configured? i.e., does it accept incoming requests
> from the Internet for the webserver?
>
> If the wireless IS NOT accepting any incoming requests for the web server
> from the Internet then something like the following should do the trick:
>
> *BSD* box: build it as a NATD and IPFW machine.
> - Assign your public web IP as an alias to the external NIC, so the
> outside world will hit your BSD box for the web pages.
>
> In /etc/rc.conf add; assuming your public web server is at 82.82.82.82.
> Note the netmask, which is what ALL the aliased IPs should have. Also
> assuming you have fxp0 as your External Interface on the BSD box.
>
> ifconfig_fxp0_alias0="inet 82.82.82.82 netmask 255.255.255.255"
> natd_enable="YES"
> natd_interface="fxp0"
> natd_flags="-f /etc/natd.conf"
>
> - In your /etc/natd.conf add
> redirect_port tcp 192.168.1.100:80 82.82.82.82:80
>
> - Adjust your ipfw rules to allow port 80 for the public ip and private ip
> to your liking.
>
> *WEB* box: make its default gateway the BSD box, i.e., the internal
> interface on the BSD box will be the default route for the WEB box.
>
> Since the Wireless and the BSD box are on the same LAN/network, your
> wireless clients should have no problem reaching the web server.
>
> I am sure there are other ways of doing this, but this is a good start.
>
> Regards,
> Patrick Soltani.
>

Thanks for the advice, aren't any fwd/divert rules required in ipfw?

-Fraser
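
On the divert question above, as an added example that is not part of the thread and not code from either poster: natd only receives packets that an ipfw `divert` rule hands to it, and filter rules placed after that rule match the addresses natd has already rewritten. The internal interface name fxp1, the rule numbers and the two function names are assumptions; the script only prints commands.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints ipfw commands; nothing
# is loaded. fxp1, the rule numbers and the function names are assumptions.

gen_ruleset() {
    ext_if=$1   # external NIC (fxp0 in the quoted message)
    int_if=$2   # internal NIC (assumed name)
    pub_ip=$3   # public web address aliased on ext_if
    web_ip=$4   # internal web server (Y in the diagram)
    cat <<EOF
# Loopback and the LAN side are left unfiltered in this sketch.
ipfw add 100 allow ip from any to any via lo0
ipfw add 110 allow ip from any to any via ${int_if}
# Hand everything crossing the external NIC to natd. Without this rule
# natd never sees a packet and redirect_port in natd.conf does nothing.
ipfw add 200 divert natd ip from any to any via ${ext_if}
# Rules after the divert match what natd has already rewritten.
# Inbound: the destination is now the private address.
ipfw add 300 allow tcp from any to ${web_ip} 80 in via ${ext_if}
# Outbound replies: the source is now the public address.
ipfw add 310 allow tcp from ${pub_ip} 80 to any out via ${ext_if}
ipfw add 65000 deny ip from any to any
EOF
}

# Reads generated commands on stdin. Succeeds only if a divert rule exists
# for ext_if and no allow/deny rule bound to ext_if comes before it.
divert_before_filters() {
    awk -v ifc="$1" '
        $1 != "ipfw" || $2 != "add" { next }
        $4 == "divert" && $NF == ifc { seen = 1; next }
        ($4 == "allow" || $4 == "deny") && $NF == ifc && !seen { bad = 1 }
        END { exit !(seen && !bad) }'
}

# Print the ruleset for the addresses used in the quoted message.
gen_ruleset fxp0 fxp1 82.82.82.82 192.168.1.100
```
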