From: boxend@swbell.net
To: freebsd-questions@freebsd.org
Date: Wed, 06 Aug 2003 21:28:19 -0700
Message-ID: <7ti3jvsotr2gdvbtsvb2a76l5p0hh6uduo@4ax.com>
Subject: ipfw natd forward port 80

I want to forward port 80 from an outside IP to an internal IP of 192.168.1.150.
dc1 is tun0 (PPPoE) / dc0 is LAN.

I have read what seems like 5 different ways to do this, but the only
result has been to lock myself out of the computer. What have I missed?

rc.conf settings

firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
firewall_quiet="YES"
firewall_logging_enable="YES"
#log_in_vain="YES"
tcp_drop_synfin="NO"
tcp_restrict_rst="NO"
icmp_drop_redirect="YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"
gateway_enable="YES"
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="default"

ipfw show

00050 fwd 192.168.1.150,80 tcp from any to 192.168.1.150 in via tun0
00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any via lo0
00300 allow ip from any to any via dc0
00400 allow tcp from any to any out xmit tun0 setup
00500 allow tcp from any to any via tun0 established
00600 allow tcp from any to any dst-port 25 setup
00800 allow tcp from any to any dst-port 22 setup
01000 allow udp from any to x.x.x.x dst-port 53 out xmit tun0
01100 allow udp from x.x.x.x 53 to any in recv tun0
01200 allow icmp from any to any
01300 deny log ip from any to any
65535 allow ip from any to any

from httpd.conf

Listen 192.168.1.150:80
ServerName my.lameass.com:80 (( changed to protect me from my ignorance =) ))