From: Deling Ren
Date: Fri, 25 Feb 2005 23:52:01 -0800 (PST)
To: freebsd-questions@freebsd.org
Message-ID: <20050225233650.X66135@sun.home.homeunix.org>
Subject: Question about ipfw, natd and port forwarding.

Hi all,

I am trying to set up a NAT box for my home network on FreeBSD 5.3. I am using ipfw and natd. I already got NAT running, but I am having a problem with port forwarding. I am trying to forward port 80 on the NAT box to an internal machine (192.168.0.7). I have the following as part of natd_flags:

    -redirect_port tcp 192.168.0.7:80 xx.xx.xx.xx:80

where xx.xx.xx.xx is the external IP of the NAT box. Using the following ipfw rules:

    00050 divert 8668 ip from any to any via sis0
    65535 allow ip from any to any

I have no problem connecting to port 80 on the NAT box from outside. But as soon as I added stateful ipfw rules, it stopped working. Running nmap from outside says port 80 is filtered. I am not sure how to configure the rules to enable port forwarding. Any help will be appreciated.

Thanks.
Deling

Here are my ipfw rules:

    00005 allow ip from any to any via $iif
    00010 allow ip from any to any via lo0
    00014 divert 8668 ip from any to any in via $oif
    00015 check-state
    00060 skipto 800 tcp from any to any out via $oif setup keep-state
    00080 skipto 800 icmp from any to any out via $oif keep-state
    00130 skipto 800 udp from any to any out via $oif keep-state
    00340 allow icmp from any to me in via $oif keep-state
    00360 allow tcp from any to any dst-port 80 in via $oif setup keep-state
    00380 allow tcp from any to me dst-port 22 in via $oif setup limit src-addr 5
    00400 deny log logamount 5 ip from any to any in via $oif
    00450 deny log logamount 5 ip from any to any out via $oif
    00800 divert 8668 ip from any to any out via $oif
    00801 allow ip from any to any
    00999 deny log logamount 5 ip from any to any
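The ruleset above, reworked as an added example that is not part of the original mail: the likely cause is that the web server's reply matches the dynamic rule created by rule 360 at check-state (rule 15) and is allowed before it reaches the outbound divert at rule 800, so it leaves with the private source address and the client never sees the SYN-ACK. The interface name fxp0 for $iif and the FWCMD/IIF variables are assumptions; sis0 and 192.168.0.7 are taken from the mail.

```shell
#!/bin/sh
# Added example (not the poster's script): the poster's ruleset with the
# redirected port handled statelessly, so replies from the internal web
# server are sent through natd before they leave. With FWCMD unset the
# rules are only printed; set FWCMD=/sbin/ipfw to load them.
oif="sis0"                 # external interface (the mail's $oif)
iif="${IIF:-fxp0}"         # internal interface, assumed name
web="192.168.0.7"          # redirected host from the mail
natd_port=8668
fwcmd="${FWCMD:-echo}"

port_forward_rules() {
    $fwcmd add 00005 allow ip from any to any via $iif
    $fwcmd add 00010 allow ip from any to any via lo0
    $fwcmd add 00014 divert $natd_port ip from any to any in via $oif
    $fwcmd add 00015 check-state
    $fwcmd add 00060 skipto 800 tcp from any to any out via $oif setup keep-state
    $fwcmd add 00080 skipto 800 icmp from any to any out via $oif keep-state
    $fwcmd add 00130 skipto 800 udp from any to any out via $oif keep-state
    $fwcmd add 00340 allow icmp from any to me in via $oif keep-state
    # After the inbound divert the destination is already the internal host,
    # so match on it. No keep-state and no setup: every packet of the
    # redirected connection is allowed here, and the return path is explicit.
    $fwcmd add 00360 allow tcp from any to $web dst-port 80 in via $oif
    # Replies from the web server must reach natd (rule 800) before the deny
    # at 450; skipto carries them past the stateful section.
    $fwcmd add 00370 skipto 800 tcp from $web 80 to any out via $oif
    $fwcmd add 00380 allow tcp from any to me dst-port 22 in via $oif setup limit src-addr 5
    $fwcmd add 00400 deny log logamount 5 ip from any to any in via $oif
    $fwcmd add 00450 deny log logamount 5 ip from any to any out via $oif
    $fwcmd add 00800 divert $natd_port ip from any to any out via $oif
    $fwcmd add 00801 allow ip from any to any
    $fwcmd add 00999 deny log logamount 5 ip from any to any
}

# Sanity check on the printed rules: the reply rule must precede the outbound
# deny and must jump to the divert rule. Returns 0 when the order is right.
check_rule_order() {
    rules=$(fwcmd=echo; port_forward_rules)
    reply=$(printf '%s\n' "$rules" | grep -n "skipto 800 tcp from $web 80" | cut -d: -f1)
    deny=$(printf '%s\n' "$rules" | grep -n "deny .* out via $oif" | cut -d: -f1)
    [ -n "$reply" ] && [ -n "$deny" ] && [ "$reply" -lt "$deny" ]
}
```

Rule 370 only covers the redirected port; outbound connections started from the LAN still go through the keep-state rules at 60, 80 and 130 as before.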