Date: Sun, 18 Jul 2004 05:49:51 -0400 (EDT)
From: Incoming Mail List <mailist@whoweb.com>
To: freebsd-questions@freebsd.org
Subject: more IPFW help please
Message-ID: <200407180949.i6I9npmT009080@whoweb.com>
Hello,

I would really appreciate some IPFW2 help with a matter I am unable to resolve.

I have a system with 5 NICs in it that I want to use as a router, set up as follows (1.2.3.4 is the public address symbol).

  WAN1 - ed0 - 1.2.3.4 (public address)
  LAN0 - de0 - 192.168.0.1
  LAN1 - de1 - 192.168.1.1
  LAN2 - de2 - 192.168.2.1
  LAN3 - de3 - 192.168.3.1

A web server exists on 1.2.3.4 and another on 192.168.2.254.

I am also using NATD for pub <-> private address translation and to redirect 1.2.3.4 port 80 to 192.168.2.254 port 80 with the command:

  natd -p 8668 -redirect_port tcp 192.168.2.254:80 80 -n ed0

This all works great from the outside -> in, and the inside -> out using stateful IPFW2 rules. However, I also want the private IP machines to point to 192.168.2.254 if any of them make port 80 requests for 1.2.3.4. I cannot get this to work no matter what I try.

To simplify things I've been concentrating on only two networks and even set up a separate natd process for them. Even this won't work. I'm hoping that someone can give me a head-slap and put me back on the right track.

Here's the simplest set of rules (static) that I've set up for testing. I'd like to know why this doesn't work.

NATD definition

  natd -p 8668 -redirect_port tcp 192.168.2.254:80 80 -n de3

IPFW definitions

  100 divert 8668 log ip from 192.168.3.254 to 1.2.3.4
  300 allow log ip from any to any
  500 deny log ip from any to any

This results in lots of packets accepted, but I get no output on the 192.168.3.254 machine and the browser eventually times out.
  100 Divert 8669 TCP 192.168.3.254:4013 24.61.225.235:80 in via de3
  300 Accept TCP 192.168.3.254:4013 192.168.2.254:80 in via de3
  300 Accept TCP 192.168.3.254:4013 192.168.2.254:80 out via de2
  300 Accept TCP 192.168.2.254:80 192.168.3.254:4013 in via de2
  300 Accept TCP 192.168.2.254:80 192.168.3.254:4013 out via de3
  300 Accept TCP 192.168.3.254:4013 192.168.2.254:80 in via de3
  300 Accept TCP 192.168.3.254:4013 192.168.2.254:80 out via de2
  300 Accept UDP 192.168.3.254:1033 192.168.1.6:161 in via de3
  300 Accept UDP 192.168.3.254:1033 192.168.1.6:161 out via de1
  100 Divert 8669 TCP 192.168.3.254:4013 24.61.225.235:80 in via de3
  300 Accept TCP 192.168.3.254:4013 192.168.2.254:80 in via de3
  300 Accept TCP 192.168.3.254:4013 192.168.2.254:80 out via de2
  300 Accept TCP 192.168.2.254:80 192.168.3.254:4013 in via de2
  300 Accept TCP 192.168.2.254:80 192.168.3.254:4013 out via de3
  300 Accept TCP 192.168.3.254:4013 192.168.2.254:80 in via de3

J
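As an added illustration (not part of the post, and not the poster's configuration), the following Python model walks one request/reply pair through the three static rules quoted above using ipfw's first-match semantics, and reports whether the reply leg ever reaches a divert rule, which is the only way natd can undo a translation. It models only the source/destination test, which is all those rules use, and assumes the address roles stated in the post (client 192.168.3.254, public 1.2.3.4, server 192.168.2.254); the second ruleset with a reverse divert rule is a constructed contrast, not something the post tested.

```python
from typing import Dict, List, Tuple

# Constructed model of the three static rules quoted in the post. Only the
# source/destination match is modelled, because that is all these rules test.
#   100 divert 8668 log ip from 192.168.3.254 to 1.2.3.4
#   300 allow  log ip from any to any
#   500 deny   log ip from any to any
Rule = Tuple[int, str, str, str]  # (number, action, src, dst)
RULES: List[Rule] = [
    (100, "divert", "192.168.3.254", "1.2.3.4"),
    (300, "allow", "any", "any"),
    (500, "deny", "any", "any"),
]
# Constructed contrast (assumption, not from the post): a second divert rule
# that also catches the server's reply on its way back to the client.
SYMMETRIC: List[Rule] = [RULES[0], (200, "divert", "192.168.2.254", "192.168.3.254")] + RULES[1:]

CLIENT, PUBLIC, SERVER = "192.168.3.254", "1.2.3.4", "192.168.2.254"


def first_match(src: str, dst: str, rules: List[Rule] = RULES) -> Rule:
    """ipfw semantics: the first rule whose src/dst match ends the search."""
    for rule in rules:
        _, _, rsrc, rdst = rule
        if rsrc in ("any", src) and rdst in ("any", dst):
            return rule
    raise LookupError("fell off the ruleset; the default rule would apply")


def trace_redirect(rules: List[Rule] = RULES) -> Dict[str, Tuple[int, str]]:
    """Walk one request/reply pair: which rule does each leg hit?

    If the client's SYN to the public address hits a divert rule, natd's
    -redirect_port rewrites the destination to the private server (the
    post's log shows exactly this). The server then answers the client with
    its own private address as source; natd can only restore the public
    address on that reply if some divert rule hands the reply to it.
    """
    num, action, _, _ = first_match(CLIENT, PUBLIC, rules)
    trace = {"client->public": (num, action)}
    dst_after_nat = SERVER if action == "divert" else PUBLIC
    num, action, _, _ = first_match(dst_after_nat, CLIENT, rules)
    trace["server->client"] = (num, action)
    return trace


def reply_is_translated_back(rules: List[Rule] = RULES) -> bool:
    """True only if the reply leg passes through a divert rule."""
    return trace_redirect(rules)["server->client"][1] == "divert"


if __name__ == "__main__":
    for name, rs in (("post's rules", RULES), ("with reverse divert", SYMMETRIC)):
        print(name, trace_redirect(rs), "reply translated:", reply_is_translated_back(rs))
```

With the post's three rules the reply from 192.168.2.254 only ever matches rule 300, so it reaches 192.168.3.254 carrying the server's private source address rather than the 1.2.3.4 the client connected to, which matches the accepted-but-unanswered pattern in the log above.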