Question about ipfw, natd and port forwarding.

From: Deling Ren (lg+freebsd_at_home.homeunix.org)
Date: 02/26/05

    Date: Fri, 25 Feb 2005 23:52:01 -0800 (PST)
    To: freebsd-questions@freebsd.org
    
    

    Hi all, I am trying to set up a NAT box for my home network on FreeBSD 5.3.
    I am using ipfw and natd. I already have NAT running but I am having a
    problem with port forwarding. I am trying to forward port 80 on the NAT
    box to an internal machine (192.168.0.7). I have the following as part of
    natd_flags:

    -redirect_port tcp 192.168.0.7:80 xx.xx.xx.xx:80

    where xx.xx.xx.xx is the external IP of the nat box.

    Using the following ipfw rules:

    00050 divert 8668 ip from any to any via sis0
    65535 allow ip from any to any

    I have no problem connecting to port 80 on the NAT box from outside. But once
    I added stateful ipfw rules, it stopped working. Running nmap from outside
    says port 80 is filtered. I am not sure how to configure the rules to
    enable port forwarding. Any help will be appreciated. Thanks.

    Deling

    Here are my ipfw rules:

    00005 allow ip from any to any via $iif
    00010 allow ip from any to any via lo0
    00014 divert 8668 ip from any to any in via $oif

    00015 check-state

    00060 skipto 800 tcp from any to any out via $oif setup keep-state
    00080 skipto 800 icmp from any to any out via $oif keep-state
    00130 skipto 800 udp from any to any out via $oif keep-state

    00340 allow icmp from any to me in via $oif keep-state

    00360 allow tcp from any to any dst-port 80 in via $oif setup keep-state
    00380 allow tcp from any to me dst-port 22 in via $oif setup limit src-addr 5

    00400 deny log logamount 5 ip from any to any in via $oif
    00450 deny log logamount 5 ip from any to any out via $oif

    00800 divert 8668 ip from any to any out via $oif
    00801 allow ip from any to any
    00999 deny log logamount 5 ip from any to any

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
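An added example, not from the original post or from FreeBSD's own rc.firewall: the rule set above as a dry-run sh script, changed in one place on the assumption that the replies from 192.168.0.7 are matched by check-state (rule 15) with rule 360's "allow" action and therefore leave before reaching the outbound divert (rule 800), untranslated; rule 360 is given the same "skipto 800 ... keep-state" action the outbound rules already use, so those replies go through natd too. The inside interface name sis1 is a placeholder; sis0 and 192.168.0.7 come from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Rule set from the post,
# with rule 360 switched from "allow ... keep-state" to "skipto 800 ...
# keep-state" so replies from the forwarded web server are still natd'd.
# Assumption: with "allow", the dynamic rule matched at check-state let
# those replies out before rule 800, leaving them with an untranslated
# 192.168.0.7 source address (hence "filtered" from outside).
iif="${IIF:-sis1}"           # placeholder inside interface
oif="${OIF:-sis0}"           # outside interface from the post
www="${WWW:-192.168.0.7}"    # internal web server from the post
fwcmd="${FWCMD:-echo ipfw}"  # set FWCMD=/sbin/ipfw to load the rules for real

build_rules() {
    $fwcmd -f flush
    $fwcmd add 5   allow ip from any to any via "$iif"
    $fwcmd add 10  allow ip from any to any via lo0
    # Inbound natd pass first: xx.xx.xx.xx:80 becomes $www:80 before any state check.
    $fwcmd add 14  divert 8668 ip from any to any in via "$oif"
    $fwcmd add 15  check-state
    # Sessions started from inside: the remembered action is skipto 800,
    # so both directions pass through natd.
    $fwcmd add 60  skipto 800 tcp from any to any out via "$oif" setup keep-state
    $fwcmd add 80  skipto 800 icmp from any to any out via "$oif" keep-state
    $fwcmd add 130 skipto 800 udp from any to any out via "$oif" keep-state
    # Traffic to the box itself needs no translation, so "allow" is fine here.
    $fwcmd add 340 allow icmp from any to me in via "$oif" keep-state
    # Forwarded web server: skipto 800 (not allow) keeps the replies from
    # $www natd'd; matching on $www (the post-natd destination) is tighter than "any".
    $fwcmd add 360 skipto 800 tcp from any to "$www" dst-port 80 in via "$oif" setup keep-state
    $fwcmd add 380 allow tcp from any to me dst-port 22 in via "$oif" setup limit src-addr 5
    $fwcmd add 400 deny log logamount 5 ip from any to any in via "$oif"
    $fwcmd add 450 deny log logamount 5 ip from any to any out via "$oif"
    $fwcmd add 800 divert 8668 ip from any to any out via "$oif"
    $fwcmd add 801 allow ip from any to any
    $fwcmd add 999 deny log logamount 5 ip from any to any
}

# Dry-run helper: print the action keyword of rule number $1 (FWCMD unset).
rule_action() {
    build_rules | awk -v n="$1" '$2 == "add" && $3 == n { print $4; exit }'
}

build_rules   # in dry-run mode this just lists the rules for review
```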

