Re: port forwarding -- nat/ipfw



On Mon, 14 May 2007 08:01:58 -0400, MZ wrote:

"Adrian Urquhart" <adrian@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:pan.2007.05.14.11.51.19@xxxxxxxxxxxxxxxxxxxxxxxxxxx
On Sat, 12 May 2007 19:36:50 -0400, MZ wrote:

<FreeBSD 6.2 box used as router>

I can't get port forwarding to work within or outside the LAN. I want
to be able to type the IP address of my router (192.168.0.1) in a web
browser, specify port 8080, and a directory afterwards. And then have
it forward to a server set up on another machine (192.168.0.20)
listening on 8080.

My natd.conf on my router machine looks like this:

use_sockets yes
same_ports yes
unregistered_only yes
dynamic yes
redirect_port tcp 192.168.0.20:8080 8080

An ipfw show reveals that my firewall is (temporarily) open:

00002 1005298 430722216 allow ip from any to any via vr0
00003 980 356944 allow ip from any to any via lo0
00100 572333 354481284 divert 8668 ip from any to any in via xl0
00101 0 0 check-state
00110 422399 309684521 skipto 500 tcp from any to any out via xl0 setup keep-state
00120 606831 121482513 skipto 500 udp from any to any out via xl0 keep-state
00130 5525 308848 skipto 500 icmp from any to any out via xl0 keep-state
00400 4368 408903 allow tcp from any to any in via xl0 setup limit src-addr 1
00410 11198 3153576 allow udp from any to any in keep-state
00420 2673 247293 allow icmp from any to any in keep-state
00450 9765 491896 deny log ip from any to any
00500 486258 80911184 divert 8668 ip from any to any out via xl0
00510 1034755 431475882 allow ip from any to any
65535 7 675 deny ip from any to any

<vr0 is the pci card facing the LAN, xl0 is the pci card facing the
internet>

Directly typing in http://192.168.0.20:8080/dirname into a web browser
from within the LAN gets me to where I want to go, so I know that the
server listening on 8080 is working fine. Typing
http://192.168.0.1:8080/dirname gives me "unable to connect", so
forwarding is clearly not working.

Any ideas?

As far as I know, port forwarding applies to packets coming in from the
Internet to your external (public) IP and will have no effect on LAN
traffic. So your setup allows Internet traffic to access the Web server
on 192.168.0.20 by accessing your public address on port 8080.

Also, you won't be able to test this forwarding from inside your LAN
due to "double NATing" - you can't go out from your LAN to your public
IP and then back in to a port forwarded machine. You need to use a
machine external to your LAN. So things may be working as you want them
to, it's just that you're testing incorrectly.

-Adrian

How would I go about making it work from both inside and outside the LAN
using the same address? Ideally, I'd like to add a link to my web page
that brings me to the forwarded machine, so I'd like to avoid having two
separate URLs.

If you want http://www.myserver.com to work for internal and external
clients then you need some DNS trickery. External clients get your public
IP, internal ones get the LAN IP. BIND can be set up to provide different
views to internal and external queries, but if you don't run your own
nameservers then you can use dnsmasq
(http://www.thekelleys.org.uk/dnsmasq/doc.html). Typically, this runs on
the gateway and provides DHCP service and DNS forwarding for the LAN. As
part of its configuration you can tell it that LAN queries for
*.myserver.com are to get LAN addresses returned, all other queries are
forwarded to the internet. If you don't want to use DHCP then just set
the gateway /etc/hosts file with the names and addresses of your LAN
hosts and it will use that to reply to LAN queries.

-Adrian
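The split-DNS setup Adrian describes, written out as a dnsmasq configuration for the gateway. This is an added example, not something posted in the thread. It assumes www.myserver.com is the public name, that vr0 and xl0 are the LAN and Internet interfaces as in the ruleset above, that 192.168.0.20 runs the server on 8080, and it uses placeholder upstream resolver addresses:

```conf
# /usr/local/etc/dnsmasq.conf on the FreeBSD gateway (192.168.0.1).
# Added example for the split-DNS approach described above; not from the thread.
# Assumed: www.myserver.com is the public name, vr0 is the LAN NIC,
# xl0 the Internet NIC, 192.168.0.20 the host serving on port 8080.

# Answer only on the LAN side; never expose the resolver on the Internet NIC,
# otherwise the gateway becomes an open resolver reachable from xl0.
interface=vr0
except-interface=xl0
bind-interfaces

# Hygiene: do not forward bare hostnames or RFC1918 reverse lookups upstream.
domain-needed
bogus-priv

# Upstream resolvers for everything not answered locally
# (placeholder addresses; substitute the ISP's or your own).
no-resolv
server=203.0.113.53
server=203.0.113.54

# The "DNS trickery": LAN clients asking for the public name get the LAN
# address of the web server, so they connect to 192.168.0.20 directly and
# never try to reach the public IP back through the router.
# address= also covers subdomains, i.e. *.www.myserver.com.
address=/www.myserver.com/192.168.0.20

# Optional: serve DHCP for the LAN and hand out this box as the DNS server.
dhcp-range=192.168.0.100,192.168.0.199,12h
dhcp-option=option:router,192.168.0.1
dhcp-option=option:dns-server,192.168.0.1

# Alternative without the address= line, as Adrian mentions: dnsmasq reads
# the gateway's /etc/hosts by default, so a line
#   192.168.0.20  www.myserver.com
# there has the same effect for LAN queries.
```

To check it, query the gateway from a LAN host (`dig @192.168.0.1 www.myserver.com` or `drill` on FreeBSD) and expect 192.168.0.20; from outside the LAN the public nameservers should still return the public IP. This matches the ruleset above, where only rule 00100 (`divert 8668 ip from any to any in via xl0`) hands inbound packets to natd, so traffic from the LAN to 192.168.0.1:8080 never reaches the redirect_port rule at all.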


