From owner-freebsd-questions Sat Jan 27 21:55: 9 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from milux.ny.home (24-168-148-192.nyc.rr.com [24.168.148.192])
    by hub.freebsd.org (Postfix) with ESMTP id E237D37B400
    for ; Sat, 27 Jan 2001 21:54:51 -0800 (PST)
Received: from localhost (marius@localhost)
    by milux.ny.home (8.9.3/8.9.3) with ESMTP id AAA00555
    for ; Sun, 28 Jan 2001 00:54:51 -0500 (EST)
    (envelope-from marius@mail.communityconnect.com)
X-Authentication-Warning: milux.ny.home: marius owned process doing -bs
Date: Sun, 28 Jan 2001 00:54:51 -0500 (EST)
From: "Marius M. Rex"
X-Sender: marius@milux.ny.home
To: questions@freeBSD.org
Subject: IPfwd
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a little home network on which I run ipfw and nat. My significant other wants to participate in napster, so I wrote a firewall rule so she could do so. She can now sit at her computer, connect, and download songs. I have a dynamic IP address, so I wrote it thusly.

    $fwcmd add 1500 pass tcp from any to any 6699 in via ${oif}

But of course, no one can connect to her computer and download songs from her. She has an IP address that is translated by NAT into the one IP address that I have, on the FreeBSD box. An unsolicited outside connection is not supposed to be able to set up a connection. But she wants to be able to give back. So I thought I would just forward that port. She is the only one who uses Napster, it seemed fairly reasonable. So I rechecked with Napster, and confirmed that it should answer requests for downloads from 6699.

    $fwcmd add 1501 fwd 10.0.0.3 tcp from any to any 6699

This looks to me like it should forward all traffic from port 6699 to her machine, 10.0.0.3. But still no-one can download music from her. Am I forwarding it wrong? The syntax is valid, I know that.

Here are my current stats:

    FreeBSD milux.ny.home 3.5-STABLE FreeBSD 3.5-STABLE #8: Sat Jan 27 14:58:50 EST 2001
    marius@milux.ny.home:/usr/src/sys/compile/MILUX i386

Packet forwarding is compiled in the kernel. From my dmesg:

    IP packet filtering initialized, divert enabled, rule-based forwarding enabled,
    default to accept, logging limited to 100 packets/entry by default

Any clues to what I am doing wrong? (I know, gotta cvsup soon, I read the security advisement about ipfw.)

-Marius

(Please cc to me, as I don't subscribe to -questions)
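
ipfw checks rules in ascending number order, and a matching pass or fwd rule ends the search. The sketch below is an added example, not part of the original message: it runs the two posted rules through a toy first-match evaluator to show which one decides an inbound connection to port 6699. The interface name ed0 (standing in for ${oif}) and the one-line rule encoding are assumptions.

```shell
#!/bin/sh
# Toy model of ipfw first-match evaluation (not ipfw itself).
# Rule fields: number action proto dst-port direction interface.
# "any" is a wildcard. "ed0" stands in for ${oif} (assumed name).

# The two rules exactly as numbered in the post.
RULES_AS_POSTED='1500 pass tcp 6699 in ed0
1501 fwd:10.0.0.3 tcp 6699 any any'

# Constructed variant: numbers swapped so the fwd rule is checked first.
RULES_FWD_FIRST='1500 fwd:10.0.0.3 tcp 6699 any any
1501 pass tcp 6699 in ed0'

# field_matches RULE_FIELD PACKET_VALUE
field_matches() {
    [ "$1" = any ] || [ "$1" = "$2" ]
}

# first_match RULES PROTO DPORT DIR IFACE
# Prints "number action" for the rule that decides the packet,
# or nothing if no rule in the list matches.
first_match() {
    printf '%s\n' "$1" | sort -n |
    while read -r num action proto dport dir iface; do
        if field_matches "$proto" "$2" && field_matches "$dport" "$3" &&
           field_matches "$dir" "$4" && field_matches "$iface" "$5"; then
            echo "$num $action"
            break   # pass and fwd both terminate the rule search
        fi
    done
}

# Inbound TCP connection to port 6699 arriving on the outside interface.
first_match "$RULES_AS_POSTED" tcp 6699 in ed0
first_match "$RULES_FWD_FIRST" tcp 6699 in ed0
```

The model covers rule ordering only; it does not model the natd address translation that the message also describes.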