Date:      Fri, 28 Jul 2006 12:12:32 +0100
From:      "Adam Egan" <adam.egan@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   ipfw and natd routing problems
Message-ID:  <28745bbf0607280412tdff38dck9df78fd0fc363fff@mail.gmail.com>
In-Reply-To: <28745bbf0607270947i6d71369fg5c1403b2d6e36219@mail.gmail.com>
References:  <28745bbf0607270947i6d71369fg5c1403b2d6e36219@mail.gmail.com>

Hi,

I've recently installed FreeBSD on a Soekris Net 4801 to act as my
LAN's router. I have got natd and ipfw working fine (there was
originally some trouble with getting an IP from NTL via dhcp because I
hadn't allowed the cable modem's ip to talk to the router, or NTL's
dhcp servers to also talk to the router). My only problem now is that
although connections going out through natd work fine, natd port
forwarding does not work correctly. I am not sure whether this is a
problem with natd or just my ipfw rule(s), though I am more inclined
to believe it is ipfw!

ipfw and natd are enabled in /etc/rc.conf through the following lines:

#enable firewall
firewall_enable="YES"
#path to rules
firewall_type="/etc/fw/firewall.rules"
#be non-verbose?
firewall_quiet="NO"

#enable natd
natd_enable="YES"
#natd interface
natd_interface="sis0"
#flags for natd
natd_flags="-f /etc/fw/natd.conf"

Below is my ipfw natd rule, and the natd.conf file:

[ipfw]
# check if incoming packets belong to a natted session, allow through if yes
add 01000 divert natd ip from any to any in via sis0
add 01001 check-state

[natd.conf]
unregistered_only
interface sis0
use_sockets
dynamic
punch_fw 2000:100
same_ports
redirect_port tcp 192.168.0.5:80 80
redirect_port tcp 192.168.0.5:6700-6725 6700-6725

When trying to access port 80 (the httpd) externally, the connection
just times out, as does any other connection. Any help would be
greatly appreciated!

Adam
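
Added example, not part of the original message: natd rewrites the destination of a redirected packet to the internal target before the packet re-enters ipfw at the rule after the divert, so one thing to check in the full ruleset is a rule that admits traffic to that target. The sh function below derives such rules from the redirect_port lines; the function name, the starting rule number 1002 and the plain stateless `allow` form are assumptions, and the sample input is constructed from the natd.conf shown above.

```shell
#!/bin/sh
# Constructed sample: lines taken from the natd.conf quoted in the message.
NATD_CONF='unregistered_only
interface sis0
redirect_port tcp 192.168.0.5:80 80
redirect_port tcp 192.168.0.5:6700-6725 6700-6725'

# redirect_rules IFACE FIRST_RULE_NUMBER < natd.conf
# Hypothetical helper (not part of ipfw or natd). For every redirect_port
# line it prints one ipfw rule matching the packet as it looks AFTER natd
# has rewritten the destination to the internal host and port(s).
# FIRST_RULE_NUMBER must be decimal without leading zeros (1002, not 01002),
# because sh arithmetic treats a leading 0 as octal.
redirect_rules() {
    iface=$1
    num=$2
    while read -r keyword proto target _rest; do
        # Ignore every natd.conf directive except redirect_port.
        [ "$keyword" = "redirect_port" ] || continue
        # The target must be host:port or host:port-port.
        case $target in
            *:*) ;;
            *) echo "skipping malformed target: $target" >&2; continue ;;
        esac
        host=${target%%:*}     # internal address, e.g. 192.168.0.5
        ports=${target#*:}     # single port or range, e.g. 6700-6725
        printf 'add %05d allow %s from any to %s %s in via %s\n' \
            "$num" "$proto" "$host" "$ports" "$iface"
        num=$((num + 1))
    done
}

# Stand-alone run: print the candidate rules for the sample configuration.
printf '%s\n' "$NATD_CONF" | redirect_rules sis0 1002
```

The printed lines are candidates to compare against the existing rules after 01001, not a drop-in ruleset; a stateful variant would have to fit the rest of the rules, which the message does not show.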


