From: fbsd-ipfw@0x10.com
To: patrick
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 25 Aug 2004 09:07:14 +0100
Subject: Re: natd and ipfw problems...hope this is the rightplace=)
In-Reply-To: <412BA814.9060406@esoltani.com>
References: <412BA814.9060406@esoltani.com>
List-Id: IPFW Technical Discussions

patrick writes:

> fbsd-ipfw@0x10.com wrote:
>> Diagram:
>> .oO( Internet )Oo.
>> ||
>> ||
>> [----DSL------]
>> [ adsl router ] <- No Nat
>> [-------------]
>> | |
>> | |
>> | |
>> B A
>> [--------WL-------] [---BSD---]
>> NAT -> [ wireless router ] [ bsd box ]
>> [-----------------] [---------]
>> X
>> | | |
>> | | |
>> | |___________|
>> Y
>> [---------WEB--------]
>> [ web server + media ]
>> [--------------------]
>> IP Addresses:
>> A: External IP 82.*.*.A
>> B: External IP 82.*.*.B
>> X: Internal IP 192.168.1.101
>> Y: Internal IP 192.168.1.100
> Hi,
>
> How is the wireless configured? i.e., does it accept incoming requests
> from the Internet for the webserver?
>
> If the wireless IS NOT accepting any incoming requests for the web server
> from the Internet then something like the following should do the trick:
>
> *BSD* box: build it as NATD and IPFW machine.
> - Assign your public web IP as an alias to the external NIC, so the
> outside world will hit your BSD box for the web pages.
>
> In /etc/rc.conf add; assuming your public web server is at 82.82.82.82.
> Note the netmask which is what ALL the aliased ips should have. Also
> assuming you have fxp0 as your External Interface on the BSD box.
>
> ifconfig_fxp0_alias0="inet 82.82.82.82 netmask 255.255.255.255"
> natd_enable="YES"
> natd_interface="fxp0"
> natd_flags="-f /etc/natd.conf"
>
> - In your /etc/natd.conf add
> redirect_port tcp 192.168.1.100:80 82.82.82.82:80
>
> - Adjust your ipfw rules to allow port 80 for the public ip and private ip
> to your liking.
>
> *WEB* box: make its default gateway the BSD box, i.e., the internal
> interface on the BSD box will be the default route for the WEB box.
>
> Since the Wireless and the BSD box are on the same LAN/network, your
> wireless clients should have no problem reaching the web server.
>
> I am sure there are other ways of doing this, but this is a good start.
>
> Regards,
> Patrick Soltani.
>
>

Thanks for the advice, aren't any fwd/divert rules required in ipfw?

-Fraser
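
The quoted reply leaves the ipfw side as "adjust your ipfw rules"; as an added example (not part of either message), the script below prints a minimal ruleset for the BSD box, showing where the natd divert rule sits and why the later rules name both the private and the public address. fxp0 and the addresses are the reply's example values; the internal interface name fxp1, the rule numbers and the rc.conf prerequisites in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. It only PRINTS ipfw commands so the
# ruleset can be reviewed first; pipe the output to sh on the FreeBSD box
# (from the console, since the flush drops remote sessions).
# Assumed prerequisites: firewall_enable="YES" and gateway_enable="YES" in
# /etc/rc.conf, plus divert support in the kernel.

# natd_web_rules EXT_IF INT_IF PUBLIC_IP WEB_IP
natd_web_rules() {
    ext_if=$1 int_if=$2 pub_ip=$3 web_ip=$4
    cat <<EOF
ipfw -q -f flush
# Hand every packet crossing ${ext_if} to natd first. natd re-injects the
# translated packet at the next rule, so everything below sees it post-NAT.
ipfw -q add 00050 divert natd ip from any to any via ${ext_if}
ipfw -q add 00100 allow ip from any to any via lo0
ipfw -q add 00110 allow ip from any to any via ${int_if}
# Inbound request: natd has already rewritten dst ${pub_ip} to ${web_ip}.
ipfw -q add 00200 allow tcp from any to ${web_ip} 80 in via ${ext_if}
# Outbound reply: natd has already rewritten src ${web_ip} to ${pub_ip}.
ipfw -q add 00210 allow tcp from ${pub_ip} 80 to any out via ${ext_if}
# Only the web redirect is opened here; other traffic needs its own rules.
ipfw -q add 65000 deny ip from any to any
EOF
}

# Values from the quoted reply; fxp1 is a hypothetical internal interface.
natd_web_rules fxp0 fxp1 82.82.82.82 192.168.1.100
```

Without rule 00050 natd never sees the traffic, so the redirect_port line in /etc/natd.conf has no effect even though natd is running.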