From owner-freebsd-ipfw@FreeBSD.ORG Fri Jul 28 11:12:36 2006
From: "Adam Egan" <adam.egan@gmail.com>
To: freebsd-ipfw@freebsd.org
Date: Fri, 28 Jul 2006 12:12:32 +0100
Subject: ipfw and natd routing problems
Message-ID: <28745bbf0607280412tdff38dck9df78fd0fc363fff@mail.gmail.com>
In-Reply-To: <28745bbf0607270947i6d71369fg5c1403b2d6e36219@mail.gmail.com>
List-Id: IPFW Technical Discussions

Hi,

I've recently installed FreeBSD on a Soekris Net 4801 to act as my LAN's
router. I have got natd and ipfw working fine (there was originally some
trouble with getting an IP from NTL via DHCP because I hadn't allowed the
cable modem's IP to talk to the router, or NTL's DHCP servers to also talk
to the router).

My only problem now is that although connections going out through natd
work fine, natd port forwarding does not work correctly. I am not sure
whether this is a problem with natd or just my ipfw rule(s), though I am
more inclined to believe it is ipfw!

ipfw and natd are enabled in /etc/rc.conf through the following lines:

  #enable firewall
  firewall_enable="YES"
  #path to rules
  firewall_type="/etc/fw/firewall.rules"
  #be non-verbose?
  firewall_quiet="NO"
  #enable natd
  natd_enable="YES"
  #natd interface
  natd_interface="sis0"
  #flags for natd
  natd_flags="-f /etc/fw/natd.conf"

Below is my ipfw natd rule, and the natd.conf file:

[ipfw]
  # check if incoming packets belong to a natted session, allow through if yes
  add 01000 divert natd ip from any to any in via sis0
  add 01001 check-state

[natd.conf]
  unregistered_only
  interface sis0
  use_sockets
  dynamic
  punch_fw 2000:100
  same_ports
  redirect_port tcp 192.168.0.5:80 80
  redirect_port tcp 192.168.0.5:6700-6725 6700-6725

When trying to access port 80 (the httpd) externally, the connection just
times out, as does any other connection.

Any help would be greatly appreciated!

Adam
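A small configuration check for the two files quoted in the post, added here as an example and not part of the original thread or of FreeBSD. natd rewrites both the packet arriving on the outside interface and the LAN host's reply, so it has to receive packets from ipfw in both directions; the checker parses the divert rules and the redirect_port lines and reports a divert that covers only one direction, a forward target that is not a private address, and port ranges of unequal width. It assumes the rule shown is the only divert rule in the ruleset, which the post does not confirm.

```python
import ipaddress
import re
# The natd.conf and ipfw rules quoted in the post, embedded so the check runs offline.
NATD_CONF = """unregistered_only
interface sis0
use_sockets
dynamic
punch_fw 2000:100
same_ports
redirect_port tcp 192.168.0.5:80 80
redirect_port tcp 192.168.0.5:6700-6725 6700-6725
"""
IPFW_RULES = """add 01000 divert natd ip from any to any in via sis0
add 01001 check-state
"""

def port_span(spec):
    # "80" -> (80, 80); "6700-6725" -> (6700, 6725)
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def parse_redirects(conf):
    # Yield (proto, target_ip, target_ports, external_ports) for each redirect_port line.
    pat = re.compile(r"\s*redirect_port\s+(\w+)\s+(\S+):(\S+)\s+(\S+)")
    for m in filter(None, map(pat.match, conf.splitlines())):
        proto, ip, tports, xports = m.groups()
        yield proto, ip, port_span(tports), port_span(xports)

def divert_directions(rules):
    # Directions on which packets reach natd; a divert rule without in/out matches both.
    dirs = set()
    for words in (l.split() for l in rules.splitlines() if "divert natd" in l):
        dirs |= {d for d in ("in", "out") if d in words} or {"in", "out"}
    return dirs

def lint(conf, rules):
    # Return a list of findings; an empty list means nothing suspicious was found.
    findings = []
    missing = {"in", "out"} - divert_directions(rules)
    if missing:
        findings.append("natd never sees %s traffic, so translated connections cannot complete" % "/".join(sorted(missing)))
    for proto, ip, (tlo, thi), (xlo, xhi) in parse_redirects(conf):
        if not ipaddress.ip_address(ip).is_private:
            findings.append("redirect_port %s target %s is not a private address" % (proto, ip))
        if thi - tlo != xhi - xlo:
            findings.append("redirect_port %s %s-%s: port range widths differ" % (proto, xlo, xhi))
    return findings

if __name__ == "__main__":
    print(*lint(NATD_CONF, IPFW_RULES), sep="\n")
```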