RE: port redirection with natd and ipfw
- From: "Wood, Russell" <Russell.Wood@xxxxxxxxxx>
- Date: Mon, 20 Nov 2006 10:10:49 +0800
-----Original Message-----
From: owner-freebsd-questions@xxxxxxxxxxx [mailto:owner-freebsd-
questions@xxxxxxxxxxx] On Behalf Of Nilton Volpato
Sent: Sunday, 19 November 2006 7:13 AM
To: freebsd-questions@xxxxxxxxxxx
Subject: port redirection with natd and ipfw
Hi,
I'm using a computer with FreeBSD as a gateway and NAT for a private
LAN. Let's say the gateway has external.com as external address, and
192.168.0.1 as internal address, so that the LAN is 192.168.0.0/24.
I'm doing a number of port redirects in the gateway, for svn, http,
https, ssh, etc using natd. However, these port redirects do not work
from inside the LAN.
For instance, if I point my browser to http://external.com and I'm in
the LAN, then it will not work. I can't use the internal address of
the web server because none of the links will work on the web page.
In summary, I want that my port redirections work also when I try to
connect to the gateway's external address from inside the LAN.
I'm using a minimal ipfw configuration to try to solve this. This is
the default configuration.
00050 divert 8668 ip4 from any to any via vr0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
I tried to add:
00060 divert 8668 ip4 from 192.168.0.0/24 to external.com
expecting that it would send the packets from LAN to natd, which would
apply the port redirections. But it did not work.
How can I solve this?
Thanks,
-- Nilton
I had a similar setup once and used Split DNS with BIND. So, if you
requested example.com on 192.168.0.0/24 then you'd get the internal IP,
otherwise you got the external IP.
Regards,
Russell Wood
DISCLAIMER:
Disclaimer. This e-mail is private and confidential. If you are not the intended recipient, please advise us by return e-mail immediately, and delete the e-mail and any attachments without using or disclosing the contents in any way. The views expressed in this e-mail are those of the author, and do not represent those of this company unless this is clearly indicated. You should scan this e-mail and any attachments for viruses. This company accepts no liability for any direct or indirect damage or loss resulting from the use of any attachments to this e-mail.
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: port redirection with natd and ipfw
- From: Nilton Volpato
- Re: port redirection with natd and ipfw
- Prev by Date: RE: Xircom XE2000 card problem
- Next by Date: Subscription problems
- Previous by thread: Re: port redirection with natd and ipfw
- Next by thread: Re: port redirection with natd and ipfw
- Index(es):
Relevant Pages
|
