Message-ID: <20030807030933.18342.qmail@web11107.mail.yahoo.com>
Date: Thu, 7 Aug 2003 04:09:33 +0100 (BST)
From: Totok
To: Clement Laforet
Cc: freebsd-questions@freebsd.org
In-Reply-To: <20030807043543.53428bc6.sheepkiller@cultdeadsheep.org>
Subject: Re: ipfw natd forward port 80

Hi,

I have a similar problem. I'm using IPF & IPNAT to redirect outbound
connections to the internal IP addr. It's been 4 months and I can't solve it :(

The result so far:
The connection was refused (Netscape)
Alert! Unable to connect (Lynx)

TIA

Here are the details

IPF.CONF

block in log all
pass out all
pass in on xl1 all
pass in on lo all
block in log quick on xl0 from 0.0.0.0/32 to any
block in log quick on xl0 from 255.255.255.255/32 to any
block in log quick on xl0 from 127.0.0.0/8 to any
block in log quick on xl0 from any to 0.0.0.0/32
block in log quick on xl0 from any to 255.255.255.255/32
block in log quick on xl0 from any to 127.0.0.0/8
block in log quick on xl0 from 192.168.0.0/16 to any
block in log quick on xl0 from 172.16.0.0/12 to any
block in log quick on xl0 from 10.0.0.0/8 to any
pass in quick on xl0 proto icmp all icmp-type 0
pass in quick on xl0 proto icmp all icmp-type 3
pass in quick on xl0 proto icmp all icmp-type 11
# connections to machines
block in log on xl0 proto tcp all flags S/SA
block in log on xl0 proto tcp all flags SA/SA
pass in quick on xl0 proto tcp from any to any port = 5557 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 110 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 110 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 8888 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 8888 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 80 flags S/SA keep state
pass out on xl0 proto tcp all keep state
# note 5
block return-rst in on xl0 proto tcp from any to any port = 113
block in log quick on xl1 proto tcp from any to any port = 135
block in log quick on xl1 proto udp from any to any port = 135
block in log quick on xl1 proto udp from any to any port = 137
pass in log quick on xl1 proto udp from 192.168.0.1 to any port = 137
block in log quick on xl1 proto tcp from any to any port = 139
block in log quick on xl1 proto tcp from any to any port = 445
block in log quick on xl1 proto udp from any to any port = 138
pass in on xl0 proto udp from 202.xxx.xxx.xxx port = 53 to any
pass in on xl0 proto udp from 202.xxx.xxx.xxx port = 53 to any

IPNAT

map xl0 192.168.0.0/24 -> 202.xxx.xxx.xxx/32 portmap tcp/udp 1025:20000
map xl0 192.168.0.0/24 -> 202.xxx.xxx.xxx/32
rdr xl0 202.xxx.xxx.xxx/32 port 8888 -> 192.168.0.89 port 80 tcp

RC.CONF

ifconfig_xl1="inet 192.168.0.27 netmask 255.255.255.0"
ifconfig_xl0="inet 202.xxx.xxx.xxx netmask 255.255.255.240"
gateway_enable="YES"
defaultrouter="202.xxx.xxx.xxx"
ntpdate_flags="ntp.cyber-fleet.net"
ntpdate_enable="YES"
sshd_enable="YES"
inetd_enable="YES"
hostname="AROMA.ialf.edu"
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
inetd_flags="-Ww"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.conf"
ipnat_rules="/etc/ipnat.conf"
ipnat_flags="-CF"
ipmon_enable="YES"

--- Clement Laforet wrote:
> On Thu, 7 Aug 2003 04:33:43 +0200
> Clement Laforet wrote:
>
> oops:
> > use this
> > natd_flags="-dynamic -redirect_port 192.168.1.150:80 80"
>
> natd_flags="-dynamic -redirect_port tcp 192.168.1.150:80 80"
> that's better ;)