Date:      Fri, 14 Jan 2000 12:19:39 -0700
From:      Jeff Lush <jeff@nerdpower.com>
To:        freebsd-questions@freebsd.org
Subject:   natd and ipfw redirection
Message-ID:  <00011413030805.01757@smithers.nerdpower.org>

Hello,

I am using FreeBSD to set up a firewall with nat. Essentially, what I would like
to do is have nat translate from private to public IPs, use ipfw for
firewall rules and allow for IP redirection into the LAN for some services such
as SMTP.

So far, I have nat working and have firewall rules set up accordingly to block
unwanted incoming traffic. Where my difficulties arise are with (I believe)
ipfw. Here's my setup:

In the rc.conf, I have set up an IP bound to de0 and an alias IP for SMTP
traffic:
ifconfig_de0="inet 139.142.250.29 netmask 255.255.255.192"
ifconfig_de0_alias0="inet 139.142.250.39 netmask 255.255.255.255"
ifconfig_de1="inet 192.168.1.1 netmask 255.255.255.0"

In the rc.firewall I have these rules relating to redirection:
add 100 ipfw add divert natd all from any to any via de0 # Pass everything to natd

Further down the ruleset I then have:
ipfw add 7000 allow tcp from any to any 25 in via 139.142.250.39 setup # Allow tcp traffic in on port 25 from 139.142.250.39


I then start natd with: 
natd -redirect_port tcp 192.168.1.2:25 139.142.250.39:25

In my opinion, this appears to be correct, but obviously it is not. I feel the
problem is in the firewall rules. I compiled the kernel with 'option
IPFIREWALL_FORWARD', but I'm not sure how it will work with nat. The rule I
have in mind is:
ipfw add 200 fwd 192.168.1.2 all from de0 to de1

My thinking is this is what natd is supposed to do.

I know something is missing, I just don't know what. Any help that can be
offered would be very much appreciated. I can include more from my conf files
if necessary.

Thanks for the help.

Jeff Lush

