Date: Fri, 28 Jul 2006 12:12:32 +0100
From: "Adam Egan" <adam.egan@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: ipfw and natd routing problems
Message-ID: <28745bbf0607280412tdff38dck9df78fd0fc363fff@mail.gmail.com>
In-Reply-To: <28745bbf0607270947i6d71369fg5c1403b2d6e36219@mail.gmail.com>
References: <28745bbf0607270947i6d71369fg5c1403b2d6e36219@mail.gmail.com>

Hi,

I've recently installed FreeBSD on a Soekris Net 4801 to act as my LAN's router. I have got natd and ipfw working fine (there was originally some trouble with getting an IP from NTL via dhcp because I hadn't allowed the cable modem's ip to talk to the router, or NTL's dhcp servers to also talk to the router).

My only problem now is that although connections going out through natd work fine, natd port forwarding does not work correctly. I am not sure whether this is a problem with natd or just my ipfw rule(s), though I am more inclined to believe it is ipfw!

ipfw and natd are enabled in /etc/rc.conf through the following lines:

#enable firewall
firewall_enable="YES"
#path to rules
firewall_type="/etc/fw/firewall.rules"
#be non-verbose?
firewall_quiet="NO"
#enable natd
natd_enable="YES"
#natd interface
natd_interface="sis0"
#flags for natd
natd_flags="-f /etc/fw/natd.conf"

Below is my ipfw natd rule, and the natd.conf file:

[ipfw]
# check if incoming packets belong to a natted session, allow through if yes
add 01000 divert natd ip from any to any in via sis0
add 01001 check-state

[natd.conf]
unregistered_only
interface sis0
use_sockets
dynamic
punch_fw 2000:100
same_ports
redirect_port tcp 192.168.0.5:80 80
redirect_port tcp 192.168.0.5:6700-6725 6700-6725

When trying to access port 80 (the httpd) externally, the connection just times out, as does any other connection.

Any help would be greatly appreciated!

Adam