Date: Tue, 14 May 2002 11:16:31 -0400
From: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>
To: "Michael Sierchio" <kudzu@tenebras.com>
Cc: <freebsd-security@freebsd.org>
Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net
Message-ID: <037d01c1fb66$e405dcf0$c801a8c0@vsivyoung>
References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <3CE12690.1060102@tenebras.com>
> Miroslav Pendev wrote:
>
> > I have FreeBSD 4.5 RELEASE as Firewall with two NICs:
>
> > For simplicity let's assume that the firewall type is *open*.
>
> I find it simpler not to make assumptions -- perhaps you'd like
> to explicitly state: the fw rule set, your natd settings,
> what port a process is listening on at the target machine,
> and whether the target machine has a default route that goes
> through your nat box.
>

OK, the firewall type IS *open*

in rc.conf I have this:
=======================
#ftp server
natd_flags="-redirect_port tcp 192.168.1.100:21 21"

#apache server
natd_flags="-redirect_port tcp 192.168.1.100:80 9090"

192.168.1.21 - default gateway (FreeBSD Firewall NAT - internal interface xl1)

In the internal network:
========================
192.168.1.100:21 - ftp server
192.168.1.100:80 - apache web server
192.168.1.90 - host in the internal network trying to reach the external
interface of the firewall on port 9090 or 21 (192.168.1.21- default gateway)

--Miro

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message