port forwarding -- nat/ipfw

---

• From: "MZ" <mark@xxxxxxxxxx>
• Date: Sat, 12 May 2007 19:36:50 -0400

---

<FreeBSD 6.2 box used as router>

I can't get port forwarding to work within or outside the LAN. I want to be
able to type the IP address of my router (192.168.0.1) in a web browser,
specify port 8080, and a directory afterwards. And then have it forward to
a server set up on another machine (192.168.0.20) listening on 8080.

My natd.conf on my router machine looks like this:

use_sockets yes
same_ports yes
unregistered_only yes
dynamic yes
redirect_port tcp 192.168.0.20:8080 8080

An ipfw show reveals that my firewall is (temporarily) open:

00002 1005298 430722216 allow ip from any to any via vr0
00003 980 356944 allow ip from any to any via lo0
00100 572333 354481284 divert 8668 ip from any to any in via xl0
00101 0 0 check-state
00110 422399 309684521 skipto 500 tcp from any to any out via xl0 setup
keep-state
00120 606831 121482513 skipto 500 udp from any to any out via xl0
keep-state
00130 5525 308848 skipto 500 icmp from any to any out via xl0
keep-state
00400 4368 408903 allow tcp from any to any in via xl0 setup limit
src-addr 1
00410 11198 3153576 allow udp from any to any in keep-state
00420 2673 247293 allow icmp from any to any in keep-state
00450 9765 491896 deny log ip from any to any
00500 486258 80911184 divert 8668 ip from any to any out via xl0
00510 1034755 431475882 allow ip from any to any
65535 7 675 deny ip from any to any

<vr0 is the pci card facing the LAN, xl0 is the pci card facing the
internet>

Directly typing in http://192.168.0.20:8080/dirname into a web browser from
within the LAN gets me to where I want to go, so I know that the server
listening on 8080 is working fine. Typing http://192.168.0.1:8080/dirname
gives me "unable to connect", so forwarding is clearly not working.

Any ideas?


.

---

• Follow-Ups:
  • Re: port forwarding -- nat/ipfw
    • From: Adrian Urquhart

• Prev by Date: Re: installing FreeBSD 6.2 w/ ICH8 chipset
• Next by Date: Re: installing FreeBSD 6.2 w/ ICH8 chipset
• Previous by thread: Libc des_crypt does not encrypted! Why?
• Next by thread: Re: port forwarding -- nat/ipfw
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: RD works on LAN not across Internet ... If you setup port forwarding for TCP Port 3389 on your router to the private LAN IP of the PC you ... If it fails then you have an issue with port forwarding on the router. ... I have verified that the Windows Firewall's scope for Remote ... (microsoft.public.windowsxp.work_remotely) Re: RD works on LAN not across Internet ... modem - no router involved with the same ... Zone Alarm's free firewall behind the router with port forwarding (note that ... knowing the router IS correctly doing port forwarding), ... outside my LAN. ... (microsoft.public.windowsxp.work_remotely) RE: How to tell if port 25 for SMTP is enabled ... For Port Forwarding the following configuration is required on Dlink G604t ... To configure Port Forwarding for any IP Address on LAN, ... > router. ... (microsoft.public.windows.server.sbs) Re: Listening port does NOT change after following Article ID : 306759 ... Did you test over the local LAN to verify its not a port forwarding issue ... > I have two computers running behind a WRT54G Linksys router ... > LAN computers and AFTER reboot, the listening port does not change. ... (microsoft.public.windowsxp.work_remotely) RE: Error with daemon natd ... win boxes on your lan then you would want to install DHCP server on ... need to access the public internet through your gateway. ... # Only valid response to the packets I've sent out are allowed in. ... # the "dynamic" rules table by an allow keep-state statement. ... (freebsd-questions)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)