From: Mike Doyle
To: freebsd-questions@freebsd.org
Date: Mon, 04 Oct 2004 10:39:41 +0100
Subject: Help wanted with NAT/IPFW settings (4.10 stable)

Hi,

I am using FreeBSD 4.10 stable (cvsupped about a month ago), and I have hit a problem with the firewall configuration and allowing a specific application to work.

At the moment all sorts of things work correctly:

- The FreeBSD machine acts as a test-server and firewall when I'm working from home
- My WinXP and Apple OSX 10.3.5 desktops can see web pages, send/rcv email
- I use vtun to enable all 3 machines to access my corporate VPN

What is NOT working is iChatAV on the Mac. The remote person always seems to get a connection timed out error stating that they are unable to connect to 10.0.1.1 (the IP address of the Mac on the INTERNAL network, rather than the fixed IP address of my DSL modem).

The DSL modem thingy contains a primitive firewall, and applies NAT to the packets addressed to the external ethernet address of my FreeBSD computer. This computer then uses firewall/NAT rules to allow packets in to/out from the other two computers.

I can even successfully play Quake III on-line from the Windows box, so the NAT redirection of UDP packets is working there...

If anyone on the list has successfully configured this to work, I will be prepared to send you my rc.firewall and natd.conf files to see if you can help me.

Mike

<>< =================================================== ><>
Michael Doyle            email: relyod@cooperationireland.org
Network Administrator    mobile: +353 87 235 7853
Co-operation Ireland     http://www.cooperationireland.org/
Phone: +353-1-661 0588   Fax: +353-1-661 8456