From: Alfred Perlstein
To: paz
Cc: "Paul R. Petitt", freebsd-questions@FreeBSD.ORG
Date: Sun, 1 Aug 1999 19:27:43 -0400 (EDT)
Subject: RE: ipchains in FreeBSD

On Sun, 1 Aug 1999, paz wrote:

> On Sun, 1 Aug 1999, Paul R. Petitt wrote:
>
> : At 08:54 AM 7/31/99 -0400, paz wrote:
> : >
> : >My config:
> : >FreeBSD 2.2.7;
> : >ISDN Terminal Adapter;
> : >Static IP with my service provider; (i.e., one!)
> : >domain name service from ISP;
> : >full-time connection;
> : >local gateway host is the FreeBSD box;
> : >local area net at home uses the gateway to get to the internet;
> : >gateway uses natd to hide local net from internet;
                   ^^^^^^^^^^^^^^^^^
> : >local net uses non-routable addresses, 192.168.xxx.xxx;
> : >my domain name is apriori.net;
> : >my Windoze box is named cpriori.apriori.net;
> : >the FreeBSD gateway box is named gw.apriori.net;
> : >daemons running on gateway host include:
> : >-- natd
        ^^^^
> : >-- named
> : >-- ipfw
        ^^^^
> : >-- pppd
> : >(There are others, but probably not important for this discussion.)
> : >Also running tcp wrappers.
     ^^^^^^^^^^^^^^^^^^^^^^^^^
>
> The original topic regarded the possible availability of ipchains in
> FreeBSD and alternatives thereof. My reading of its characteristics led me
> to believe that its mapping techniques provided the equivalent services to
> what I currently run, with the added benefit of following shifting port
> addresses without losing the host-to-host mapping when using natd.
>
> ipchains is freely distributed with the current versions of Linux. Since
> I'm a FreeBSD fan, I'd prefer to stay with this OS than try to migrate to
> Linux.

The same misconfiguration you have going with FreeBSD will persist no matter
what firewall type software FreeBSD chooses to integrate, and even if you
migrate to Linux.

I suggest you look at the documented "-redirect_port" feature of natd to
divert the traffic going to the ports you mentioned in your earlier email to
the machine behind the firewall.

You may also want to try "-redirect_address", and you most definitely want
to add "-use_sockets" and "-same_ports".

good luck,

-Alfred Perlstein - [bright@rush.net|bright@wintelcom.net]
systems administrator and programmer
Wintelcom - http://www.wintelcom.net/
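An added example of the natd setup Alfred points at, not code from the thread: a small sh generator for a natd.conf (for natd -f) that forwards only the listed proto/port pairs to the inside host, plus the matching ipfw divert rule. The interface name tun0, the inside address 192.168.1.2 and the port list are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not part of the original thread. Builds a natd.conf for the
# gateway described above: pppd's tun0 faces the ISP (placeholder), the inside
# host sits on a 192.168.x.x address (placeholder), and only the listed
# proto/port pairs are forwarded to it. Everything else on the inside host
# stays unreachable from outside, which is why per-port redirect_port is the
# narrower choice compared with redirect_address (which forwards the whole host).

# gen_natd_conf IFACE INSIDE_HOST PROTO/PORT...
# Prints the configuration on stdout; returns 1 on a malformed spec so a typo
# never silently opens the wrong port.
gen_natd_conf() {
    iface=$1; host=$2; shift 2
    printf 'interface %s\n' "$iface"
    printf 'use_sockets yes\n'   # natd owns a local socket per session: no clashes with local daemons
    printf 'same_ports yes\n'    # keep the client's source port when free; some protocols need it
    for spec in "$@"; do
        proto=${spec%%/*}; port=${spec#*/}
        case $proto in tcp|udp) ;; *) echo "bad protocol in $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in $spec" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range in $spec" >&2; return 1; }
        # outside port N on the gateway -> same port N on the inside host
        printf 'redirect_port %s %s:%s %s\n' "$proto" "$host" "$port" "$port"
    done
}

# gen_ipfw_rules IFACE: the divert rule that hands traffic crossing IFACE to natd.
# It has to come before any allow/deny rule that would match that traffic.
gen_ipfw_rules() {
    printf 'ipfw add divert natd all from any to any via %s\n' "$1"
}

# Usage with constructed placeholder values (uncomment on the gateway):
#   gen_natd_conf tun0 192.168.1.2 tcp/80 tcp/22 > /etc/natd.conf
#   gen_ipfw_rules tun0 | sh
#   natd -f /etc/natd.conf
```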