Date: Wed, 04 Oct 2006 03:29:08 +0200 From: Alex de Kruijff <freebsd@akruijff.dds.nl> To: Eugene Orlov <orlic@big12.ru> Cc: freebsd-questions@freebsd.org Subject: Re: IPFW + NATD rules Message-ID: <20061004012908.GA1742@Alex1.kruijff.org> In-Reply-To: <116211880.20060827130454@big12.ru> References: <200608232337.k7NNbJT8032059@repoman.freebsd.org> <200608241520.47903.jhb@freebsd.org> <20060824194220.GA59229@submonkey.net> <200608241719.10921.jhb@freebsd.org> <116211880.20060827130454@big12.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 27, 2006 at 01:04:54PM +0500, ?????????? ?????????????? wrote: > I'm a junior in FreeBSD, and I faced with problem. You should know that others have mailers that are thread enabled. This means that when you compose a new mail, but you that the reply sort cut others may not read this, because it end up in the list. I redirected the mail to questions@ becuase this is not related to the stable development brance. > I've a FreeBSD 6.1-stable box as a gate+firewall, and I want to divert > incoming requests to my web-server, placed in DeMilitarized Zone > (DMZ). To do this I wrote down settings in /etc/rc.conf as shown > above: > > natd_flags="-redirect_port tcp 80 192.168.1.234 80" > natd_flags="-redirect_poort tcp 443 192.168.1.234 443" You proberbly can not have two lines. > I think, that all packets incoming from Internet will be diverted from > the External interface via DMZ interface to my We-server. Is it right? > If not, why not, and what the way to make it working? Yes, but you made some mistakes: 1. You have two lines, where only one is allowed. 2. The file format is wrong: should be tcp forward_ip:port port 3. You made a typo 4. Did you setup ipfw? I've done this with a seperate config file. firewall_enable="YES" firewall_type="/etc/firewall.conf" natd_enable="YES" natd_flags="-f /etc/natd.conf" natd_interface="fxp0" /etc/firewall.conf contains: add divert 8668 ip from any to any (note: src_ip and dst_ip changes here, so keep this in mind if you add rules) add allow ip from any to any /etc/natd.conf contains: redirect_port tcp ip_to_goto:port local_port Did you setup ipfw and directed packes to natd? You also need to setup i -- Alex Please copy the original recipients, otherwise I may not read your reply. Howtos based on my personal use, including information about setting up a firewall and creating traffic graphs with MRTG http://alex.kruijff.org/FreeBSD/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061004012908.GA1742>