From owner-freebsd-questions Tue Apr 25 19: 7:24 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from nameserver.bby.com.au (nameserver.bby.com.au [192.83.119.131])
    by hub.freebsd.org (Postfix) with ESMTP id 609E837BAC8
    for ; Tue, 25 Apr 2000 19:07:15 -0700 (PDT)
    (envelope-from imran.ahmad@bby.com.au)
Received: from kid.brokerserv.com.au (kid.brokerserv.com.au [192.168.200.15])
    by nameserver.bby.com.au (8.9.3/8.9.3) with ESMTP id MAA62290
    for ; Wed, 26 Apr 2000 12:03:34 +1000 (EST)
Received: from ads05 (ads05.bby.com.au [192.168.200.5])
    by kid.brokerserv.com.au (8.9.3/8.9.3) with ESMTP id MAA17766;
    Wed, 26 Apr 2000 12:07:09 +1000 (EST)
Message-Id: <4.2.2.20000426114322.00acbb10@kid>
X-Sender: ira@kid
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Wed, 26 Apr 2000 12:07:12 +1000
To: freebsd-questions@FreeBSD.ORG
From: Imran Ahmad
Subject: natd help
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi;

I am running FreeBSD 3.2 release and using it as a firewall. I am running "ipfw" kit. It's working fine and now I want to enable "nat" services on my firewall. I have added the following rules to my firewall config file.

1.

    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
        $fwcmd 50 add divert natd all from any to any via ${natd_interface}
        natd_enable=
    fi

2. On internal interface, I have added the following line, for each possible subnet

    $fwcmd add 10100 deny all from any to private network:255.255.0.0 ${natd_enabled:+out} via ${oif}

(oif is my external interface)

I am running "nat" from "rc.local" script with the following lines in it.

    /sbin/natd -f /etc/natd.conf

And my /etc/natd.conf file looks like this;

--------------------------------------------------------------------------------
log_denied yes
log_facility local
# translate outgoing packets only if they have RFC1918 addresses
#This is the line, If I want to send my Unregistered addresses to the world
unregistered_only yes
interface fxp0
redirect_port tcp Private Address:443 Public Address:443
--------------------------------------------------------------------------------

And I have defined a DNS entry pointing to my external server. I am running "https" server on my internal server, and want to divert each request for "443" to my internal server.

"Natd" is running, but it's not diverting the request for port "443" to my internal server. Can anybody please help me out.

Thanks;

______________________________________________________________
Imran Ahmad                      imran.ahmad@bby.com.au
Infrastructure System Manager    Phone:+61 2 92260000
Direct:+61 2 9226 0059  Mobile:+61 412 560059  Fax: +61 2 9226 0066
______________________________________________________________
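Added example, not part of the original message and not code from natd: a small checker for natd.conf redirect_port lines of the kind quoted in the post, using the natd(8) argument order "redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]". The function names and sample addresses are constructed for illustration, and the RFC 1918 checks assume the setup the post describes (internal server on a private address, public address on the outside).

```python
import ipaddress

# RFC 1918 ranges, i.e. the "unregistered" addresses the posted natd.conf mentions.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (addresses are placeholders, not taken from the post).
GOOD_LINE = "redirect_port tcp 192.168.1.10:443 203.0.113.10:443"
SWAPPED_LINE = "redirect_port tcp 203.0.113.10:443 192.168.1.10:443"
# The line exactly as quoted in the post, with its prose placeholders left in.
AS_POSTED = "redirect_port tcp Private Address:443 Public Address:443"

def parse_endpoint(text):
    """Parse '[IP:]PORT[-PORT]' into (IPv4Address or None, low, high)."""
    host, _, ports = text.rpartition(":")
    ip = ipaddress.IPv4Address(host) if host else None
    low, _, high = ports.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range {ports!r}")
    return ip, low, high

def check_redirect_port(line):
    """Return a list of problems found in one redirect_port line."""
    fields = line.split("#", 1)[0].split()
    if not fields or fields[0] != "redirect_port":
        return ["not a redirect_port line"]
    if len(fields) not in (4, 5):
        return [f"expected 3 or 4 arguments, got {len(fields) - 1}"]
    problems = []
    if fields[1] not in ("tcp", "udp"):
        problems.append(f"protocol must be tcp or udp, not {fields[1]!r}")
    try:
        t_ip, t_lo, t_hi = parse_endpoint(fields[2])
        a_ip, a_lo, a_hi = parse_endpoint(fields[3])
    except ValueError as exc:
        return problems + [f"unparsable endpoint: {exc}"]
    if t_ip is None:
        problems.append("target needs an explicit IP (targetIP:targetPORT)")
    elif not any(t_ip in net for net in RFC1918):
        problems.append(f"target {t_ip} is not an RFC 1918 address")
    if a_ip is not None and any(a_ip in net for net in RFC1918):
        problems.append(f"alias {a_ip} is private; expected the public address")
    if t_hi - t_lo != a_hi - a_lo:
        problems.append("target and alias port ranges differ in size")
    return problems
```

A line that passes here is only syntactically plausible; whether packets reach natd still depends on the ipfw divert rule being loaded and matching on the external interface.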