From owner-freebsd-questions Tue Sep 11 10:14:16 2001
From: Silvio
Subject:
To: freebsd-questions@FreeBSD.ORG
Date: Wed, 5 Sep 2001 17:05:00 +0200

Hi there!

An issue with natd: my request is to use a BSD 4.4 box as a firewall protecting an httpd machine on a private LAN. An external client wanting to access the httpd is to call the firewall's external IP on port 80 - the firewall's job will be to redirect the call to the LAN and NAT back httpd's answers to the external client.

This is how I did it, and it works:

    ipfw add divert 8668 tcp from any to 80 in via
    natd -n -redirect_address
    ipfw add allow tcp from any to 80 in via
    ipfw add allow tcp from any to 80 out via
    ipfw add divert 8688 tcp from to any in via
    natd -p 8688 -n -reverse
    ipfw add allow tcp from 80 to any in via
    ipfw add allow tcp from 80 to any out via

I'm quite sure there is a better [leaner, more polished] way of doing it, either with ipfw fwd and one natd only or otherwise.

Anybody out there with ideas?

Thanks in advance & Regards

silvio@kpnqwest.it
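For comparison with the two-natd setup in the message above, here is a single-natd port forward written as a dry-run shell script. This is an added example, not part of the original post; the interface name fxp0 and both addresses are constructed placeholders, and the rule numbers are arbitrary.

```shell
#!/bin/sh
# Added example: forward TCP/80 on the outside address to one internal web
# server using a single natd instance. All values below are constructed.
EXT_IF="${EXT_IF:-fxp0}"            # assumed outside interface
EXT_IP="${EXT_IP:-203.0.113.10}"    # assumed outside address (documentation range)
WEB_IP="${WEB_IP:-192.168.1.10}"    # assumed internal httpd address
RUN="${RUN:-echo}"                  # dry run by default; RUN= executes for real

natd_cmd() {
    # -redirect_port maps outside port 80 to WEB_IP:80. The same natd alias
    # table rewrites the replies, so no second "-reverse" instance is needed.
    $RUN natd -n "$EXT_IF" -redirect_port tcp "$WEB_IP:80" 80
}

ipfw_rules() {
    # Everything crossing the outside interface goes through natd
    # ("natd" is divert port 8668 in /etc/services).
    $RUN ipfw add 100 divert natd all from any to any via "$EXT_IF"
    # A diverted packet re-enters the ruleset at the next rule number, so
    # inbound requests already carry the internal destination here ...
    $RUN ipfw add 200 allow tcp from any to "$WEB_IP" 80 in via "$EXT_IF"
    # ... and outbound replies already carry the outside source address.
    $RUN ipfw add 300 allow tcp from "$EXT_IP" 80 to any out via "$EXT_IF"
}

# Print (or, with RUN= on the firewall itself, execute) the full setup.
natd_cmd
ipfw_rules
```

The allow rules cover only the forwarded web traffic on the outside interface; the rest of the ruleset, including the inside interface and the default deny, is left to the existing firewall policy.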