Date: Wed, 04 Oct 2006 03:29:08 +0200 From: Alex de Kruijff <freebsd@akruijff.dds.nl> To: Eugene Orlov <orlic@big12.ru> Cc: freebsd-questions@freebsd.org Subject: Re: IPFW + NATD rules Message-ID: <20061004012908.GA1742@Alex1.kruijff.org> In-Reply-To: <116211880.20060827130454@big12.ru> References: <200608232337.k7NNbJT8032059@repoman.freebsd.org> <200608241520.47903.jhb@freebsd.org> <20060824194220.GA59229@submonkey.net> <200608241719.10921.jhb@freebsd.org> <116211880.20060827130454@big12.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 27, 2006 at 01:04:54PM +0500, ?????????? ?????????????? wrote:
> I'm a junior in FreeBSD, and I faced with problem.
You should know that others have mailers that are thread enabled. This
means that when you compose a new mail, but you that the reply sort cut
others may not read this, because it end up in the list.
I redirected the mail to questions@ becuase this is not related to the
stable development brance.
> I've a FreeBSD 6.1-stable box as a gate+firewall, and I want to divert
> incoming requests to my web-server, placed in DeMilitarized Zone
> (DMZ). To do this I wrote down settings in /etc/rc.conf as shown
> above:
>
> natd_flags="-redirect_port tcp 80 192.168.1.234 80"
> natd_flags="-redirect_poort tcp 443 192.168.1.234 443"
You proberbly can not have two lines.
> I think, that all packets incoming from Internet will be diverted from
> the External interface via DMZ interface to my We-server. Is it right?
> If not, why not, and what the way to make it working?
Yes, but you made some mistakes:
1. You have two lines, where only one is allowed.
2. The file format is wrong: should be tcp forward_ip:port port
3. You made a typo
4. Did you setup ipfw?
I've done this with a seperate config file.
firewall_enable="YES"
firewall_type="/etc/firewall.conf"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
natd_interface="fxp0"
/etc/firewall.conf contains:
add divert 8668 ip from any to any (note: src_ip and dst_ip changes
here, so keep this in mind if you
add rules)
add allow ip from any to any
/etc/natd.conf contains:
redirect_port tcp ip_to_goto:port local_port
Did you setup ipfw and directed packes to natd?
You also need to setup i
--
Alex
Please copy the original recipients, otherwise I may not read your reply.
Howtos based on my personal use, including information about
setting up a firewall and creating traffic graphs with MRTG
http://alex.kruijff.org/FreeBSD/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061004012908.GA1742>