From: Server Admin
To: alan@quay.net (Alan McKay), freebsd-questions@FreeBSD.ORG
Date: Wed, 13 Mar 2002 11:03:31 -0600
Subject: Re: ipfw/pppoe/nat trouble

Alan:

Gerry's method on an earlier reply is the way to do it. A config file
running NATD.... more flexibility - lots of stuff can be placed in the
config file for natd to look at....

At 11:39 AM 3.13.2002 -0500, Alan McKay wrote:
>
>So should I give up on PPP's native NAT and switch to NATD?
>Anyone know what could be up here?
>
>thanks,
>-Alan
>
>
>Folks,
>
>I'm using FreeBSD 4.5 RELEASE for my firewall, and using its native ppp
>to manage my PPPoE connection. When doing this, one uses ppp's native
>NAT, and not natd.
>
>I have a web cam running on port 80 of a private PC at home, and want to
>forward that out to some obscure port on the firewall. Let's just say for
>the sake of argument port 4711.
>
>My firewall (ipfw) rules include :
>allow tcp from any to 4711 setup
>
>I have the same rule on port 80 for the apache server running on the
>firewall, and it works. The above rule I have right beside my port 80
>rule in the this. However, when I try to hit port 4711 from outside,
>and do a "ipfw show", it drops right through that rule to about 5 rules
>below where I deny all connections from outside (after allowing the few
>that I want to allow).
>
>So I never get to try to see if my NAT rules are correct. In my
>/etc/ppp/ppp.conf file I have (among other things) :
>
> nat enable yes
> nat log yes
> nat target MYADDR
> nat port tcp :80 4711
>
>Any ideas why my firewall rule is not allowing the 4711 connection?
>I'm stumped!
>
>Are there any good examples of using PPPoE's NAT in combo with ipfw
>to port-forward to something on the private side?
>
>cheers,
>-Alan
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
>

.... our website: http://www.sage-one.net/

Best regards,
Jack L. Stone
Server Admin
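
Added example, not part of the original message and not Gerry's or Jack's configuration: a natd config file for the port forward discussed in the thread, with the companion settings shown as comments. The interface name tun0, the inside address 192.168.0.10 and the ipfw rule numbers are assumptions chosen for illustration.

```conf
# /etc/natd.conf: added example, not from the thread.
# Assumed values: tun0 is the tunnel interface ppp uses for the PPPoE
# link, 192.168.0.10 is the web cam PC, 4711 is the outside port.

interface tun0          # alias to whatever address tun0 currently holds
dynamic yes             # follow address changes on the PPPoE link
use_sockets yes
same_ports yes
log_denied yes          # log packets natd refuses to pass

# Outside port 4711 on the firewall -> port 80 on the web cam PC.
redirect_port tcp 192.168.0.10:80 4711

# Companion settings (comments only; they live in other files).
#
# /etc/rc.conf
#   natd_enable="YES"
#   natd_flags="-f /etc/natd.conf"
#
# /etc/ppp/ppp.conf: turn off ppp's own NAT so packets are translated once
#   nat enable no
#
# ipfw rules (numbers are illustrative). The divert rule comes before the
# allow rules. A packet comes back from natd at the next rule with its
# destination already rewritten, so the allow rule names the inside host
# and port 80, not port 4711 on the firewall.
#   ipfw add 500 divert natd ip from any to any via tun0
#   ipfw add 600 allow tcp from any to 192.168.0.10 80 setup
```

After loading the rules, the per-rule packet counters in "ipfw show" indicate whether incoming connections to port 4711 reach the divert rule and then the allow rule.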