From: "Juraj Petrik"
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Subject: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
Date: Wed, 25 Sep 2002 09:41:44 +0200
Message-ID: <002201c26467$1fdf9270$7a01a8c0@pcjuro>

hello,

can you help me, please? I'm trying to run a firewall using IPFilter, IPNAT and Dummynet on FreeBSD. I have read so many HOWTOs, but I can't do redirection to another server in the internal network:

    rl0 - WAN (194.x.x.0/24) 194.x.x.22 if FreeBSD box
    rl1 - LAN (192.168.1.0/24) 192.168.1.22 if FreeBSD box
    rl2 - DMZ (10.0.0.0/24) 10.0.0.22 if FreeBSD box

My server is now on LAN, not on DMZ. I'm using FreeBSD 4.7 prerelease from CVS.

In the kernel config I have added:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=30
    options IPFIREWALL_FORWARD
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT
    options DUMMYNET
    options IPFILTER
    options IPFILTER_LOG
    options IPFILTER_DEFAULT_BLOCK
    options RANDOM_IP_ID

In /etc/rc.conf I have:

    tcp_extensions="YES"
    gateway_enable="YES"
    portmap_enable="NO"
    #firewall_enable="YES"
    #firewall_type="/etc/dummynet.conf"
    #firewall_logging="NO"
    ipfilter_enable="YES"
    ipfilter_flags=""
    ipfilter_rules="/etc/ipf.conf"
    ipnat_enable="YES"
    ipnat_flags=""
    ipnat_rules="/etc/ipnat.conf"
    ipmon_enable="YES"
    ipmon_flags="-Dns -l block"

In /etc/ipf.conf:

    pass in log all
    pass out log all

In /etc/ipnat.conf:

    map rl0 192.168.1.0/24 -> 194.x.x.22/32
    map rl0 0/0 -> 194.x.x.22/32 proxy port ftp ftp/tcp
    map rl0 192.168.1.0/24 -> 194.x.x.22/32 portmap tcp/udp 12500:60000
    map rl0 192.168.1.0/24 -> 194.x.x.22/32
    rdr rl0 194.x.x.22/32 port 80 -> 192.168.1.35 port 80
    rdr rl0 194.x.x.22/32 port 22 -> 192.168.1.35 port 22

NAT from LAN to Internet works OK, but from the Internet I can't redirect a connection to the server on LAN (192.168.1.35).

Please help me ANYBODY!!!!

-jp-