Date: Fri, 25 Feb 2005 23:52:01 -0800 (PST)
From: Deling Ren <lg+freebsd@home.homeunix.org>
To: freebsd-questions@freebsd.org
Subject: Question about ipfw, natd and port forwarding.
Message-ID: <20050225233650.X66135@sun.home.homeunix.org>

Hi all,

I am trying to set up a NAT box for my home network on FreeBSD 5.3. I am using ipfw and natd. I already got NAT running but I am having a problem with port forwarding. I am trying to forward port 80 on the NAT box to an internal machine (192.168.0.7). I have the following as part of natd_flags:

    -redirect_port tcp 192.168.0.7:80 xx.xx.xx.xx:80

where xx.xx.xx.xx is the external IP of the NAT box.

Using the following ipfw rules:

    00050 divert 8668 ip from any to any via sis0
    65535 allow ip from any to any

I have no problem connecting to port 80 on the NAT box from outside. But as I added stateful ipfw rules, it stopped working. Running nmap from outside says port 80 is filtered. I am not sure how to configure the rules to enable port forwarding.

Any help will be appreciated. Thanks.

Deling

Here are my ipfw rules:

    00005 allow ip from any to any via $iif
    00010 allow ip from any to any via lo0
    00014 divert 8668 ip from any to any in via $oif
    00015 check-state
    00060 skipto 800 tcp from any to any out via $oif setup keep-state
    00080 skipto 800 icmp from any to any out via $oif keep-state
    00130 skipto 800 udp from any to any out via $oif keep-state
    00340 allow icmp from any to me in via $oif keep-state
    00360 allow tcp from any to any dst-port 80 in via $oif setup keep-state
    00380 allow tcp from any to me dst-port 22 in via $oif setup limit src-addr 5
    00400 deny log logamount 5 ip from any to any in via $oif
    00450 deny log logamount 5 ip from any to any out via $oif
    00800 divert 8668 ip from any to any out via $oif
    00801 allow ip from any to any
    00999 deny log logamount 5 ip from any to any

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050225233650.X66135>