Date: Sun, 28 Jan 2001 00:54:51 -0500 (EST) From: "Marius M. Rex" <marius@mail.communityconnect.com> To: questions@freeBSD.org Subject: IPfwd Message-ID: <Pine.BSF.4.21.0101280022390.504-100000@milux.ny.home>
next in thread | raw e-mail | index | archive | help
I have a little home network on which I run ipfw and nat. My significant
other wants to participate in napster, so I wrote a firewall rule so she
could do so. She can now sit at her computer, connect, and download
songs. I have a dynamic ip address, so I wrote it thusly.
$fwcmd add 1500 pass tcp from any to any 6699 in via ${oif}
But of course, no one can connect to her computer and download songs
from her. She has a ip address that is translated by NAT into the one ip
address that I have, on the FreeBSD box. An unsolicited outside
connection is not supposed to be able to set up a connection.
But she wants to be able to give back. So I thought I would just forward
that port. She is the only one who uses Napster, it seemed fairly
reasonable. So I recheached with Napster, and confirmed that it should
answer requests for downloads from 6699.
$fwcmd add 1501 fwd 10.0.0.3 tcp from any to any 6699
This looks to me like it should forward all traffic from port 6699 to her
machine, 10.0.0.3. But still no-one can download music from her. Am I
forwarding it wrong? The systax is valid, I know that. Here are my
current stats:
FreeBSD milux.ny.home 3.5-STABLE FreeBSD 3.5-STABLE #8: Sat Jan 27
14:58:50 EST 2001 marius@milux.ny.home:/usr/src/sys/compile/MILUX
i386
packet fowarding is compiled in the kernel. From my dmesg:
IP packet filtering initialized, divert enabled, rule-based forwarding
enabled, default to accept, logging limited to 100 packets/entry by
default
Any clues to what I am doing wrong? (I know, gotta cvsup soon, I read the
security advisement about ipfw.)
-Marius
(Please cc to me, as I don't subscribe to -questions)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0101280022390.504-100000>