Re: ipfw+nat



hi!

after i couldn't get it to work with ipfw, i tried ipnat..
i am satisfied, it's much easier..
now i can redirect packages from my public ip to localhost...
for example:
rdr em0 x.x.x.x/32 port 223 -> 127.0.0.1 port 2233 tcp

how can i make it redirect packages from x.x.x.x/32 port 223 to another public ip on the internet?
if i use this:
rdr em0 x.x.x.x/32 port 223 -> public.ip.on.the.internet port 80 tcp
it hangs for a while, then operation timeout...
thanks!

----- Original Message -----
From: "OxY" <oxy@xxxxxxxx>
To: <freebsd-hackers@xxxxxxxxxxx>
Sent: Tuesday, December 27, 2005 12:37 PM
Subject: ipfw+nat



hi all!

i'd like to ask for your help, because i didn't find anything related to this topic..
i have a box, with public ip, which is connected to other clients through openvpn (10.254.0.x)
i'd like to connect to the openvpn client's port (for example ssh)
through a public address port (x.x.x.x 16354)


unfortunately i totally failed in this, can't even forward to my box's openvpn address..

tried this:
$cmd 00701 fwd 10.254.0.1,22 tcp from any to x.x.x.x 16354

no result, connection refused..
it works well with datapipe, however i don't want to set up dozens of datapipes :)


natd is enabled, do i need it? or ipfw divert?
i have the following related in kernel conf:

options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=5
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD

do i need anything else?
thx for all your help and merry christmas!
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
