From owner-freebsd-questions  Wed Mar 13  8:39:58 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from victory.quay.net (gateway.quay.net [216.187.106.90])
	by hub.freebsd.org (Postfix) with ESMTP id BC74837B402
	for <freebsd-questions@freebsd.org>; Wed, 13 Mar 2002 08:39:52 -0800 (PST)
Received: by victory.quay.net (Postfix, from userid 1007)
	id 11A2B5D4A; Wed, 13 Mar 2002 11:39:49 -0500 (EST)
Subject: ipfw/pppoe/nat trouble
To: freebsd-questions@freebsd.org
Date: Wed, 13 Mar 2002 11:39:48 -0500 (EST)
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20020313163949.11A2B5D4A@victory.quay.net>
From: alan@quay.net (Alan McKay)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


So should I give up on PPP's native NAT and switch to NATD?
Anyone know what could be up here?

thanks,
-Alan


Folks,

I'm using FreeBSD 4.5 RELEASE for my firewall, and using it's native ppp
to manage my PPPoE connection.  When doing this, one uses ppp's native
NAT, and not natd.

I have a web cam running on port 80 of a private PC at home, and want to
forward that out to some obscure port on the firewall.  Let's just say for
the sake of argument port 4711.

My firewall (ipfw) rules include :
allow tcp from any to <my-external-IP> 4711 setup

I have the same rule on port 80 for the apache server running on the
firewall, and it works.  The above rulle I have right beside my port 80
rule in the this. However, when I try to hit port 4711 from outside,
and do a "ipfw show", it drops right through that rule to about 5 rules
below where I deny all connections from outside (after allowing the few
that I want to allow).

So I never get to try to see if my NAT rules are correct.  In my
/etc/ppp/ppp.conf file I have (among other things) :

 nat enable yes
 nat log yes
 nat target MYADDR
 nat port tcp <private-ip-of-webcam-PC>:80 4711

Any ideas why my firewall rule is not allowing the 4711 connection?
I'm stumped!

Are there any good examples of using PPPoE's NAT in combo with ipfw
to port-forward to something on the private side?

cheers,
-Alan



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message