From: Bill Moran
Date: Sat, 18 Jan 2003 14:26:40 -0500
To: listmail@brightstar.ath.cx
Cc: Freebsd-questions@FreeBSD.org
Subject: Re: Access to internal systems

listmail@brightstar.ath.cx wrote:
> Hi -
> I've got a number of Windows machines running behind a FreeBSD
> gateway to the Internet. The gateway is accessible via an entry at
> Dyndns.org: bstar.ath.cx.
>
> What I'd like to do is be able to get to the internal machine (named
> winmachine1) from the Internet using a construct such as:
> winmachine.bstar.ath.cx.
>
> I currently run no name server.
>
> Can it be done?

Yes and no.

> Do I need to run my own name server?

You don't need to, but it generally makes things easier (as you have
direct control over things).

> Any advice?

You probably have ipfw running on your firewall. You can use ipfw's
port forwarding feature to allow certain ports to appear to be on
bstar.ath.cx, while they are actually connecting to winmachine1.
You simply make a DNS entry that says that winmachine.bstar.ath.cx is
the same as bstar.ath.cx.

That's the 'yes' part of the answer above. The no part is that you can't
use this method to forward ALL ports. If you want to have ports open on
bstar.ath.cx as well, they won't be available on winmachine.bstar.ath.cx.

To (hopefully) make it a little clearer:
If you want to run a webserver from winmachine.bstar.ath.cx, and that's it,
and bstar.ath.cx doesn't run a webserver, you simply forward port 80 from
bstar.ath.cx to your internal machine.
If you want to run a webserver on both bstar.ath.cx and the Windows machine
you either:
a) can't do it
b) have to move one of the webservers to a nonstandard (unused) port -
   such as 8080

Read the man pages for ipfw, and search the net for ipfw port forwarding.
I'm sure you'll find a lot more details.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
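The port-sharing limit described in the reply above, worked through as an added example that is not part of the original message. It assumes the address rewriting is done by natd behind an ipfw divert rule, and it uses 192.168.0.10 as a constructed internal address for winmachine1; `Service` and `plan_forwards` are hypothetical names.

```python
# Added example (not from the original message): plan natd redirect_port
# lines for several hostnames that all resolve to one gateway address.
from collections import namedtuple

# target=None means the service runs on the gateway itself (no forward needed).
Service = namedtuple("Service", "hostname proto port target")

def plan_forwards(services, alt_ports=range(8080, 8090)):
    """Return (natd_conf_lines, notes).

    All names point at the same public IP, so the gateway can only tell
    connections apart by (protocol, port). Each public port gets one owner;
    a second claimant is moved to an unused alternative port.
    """
    owner = {}            # (proto, public_port) -> Service
    lines, notes = [], []
    for svc in services:
        public = svc.port
        if (svc.proto, public) in owner:
            first = owner[(svc.proto, public)]
            public = next((p for p in alt_ports
                           if (svc.proto, p) not in owner), None)
            if public is None:
                notes.append(f"{svc.hostname}: no free port for "
                             f"{svc.proto}/{svc.port}, not published")
                continue
            notes.append(f"{svc.hostname}: {svc.proto}/{svc.port} is taken by "
                         f"{first.hostname}, published on port {public}")
        owner[(svc.proto, public)] = svc
        if svc.target is not None:
            # natd.conf syntax: redirect_port proto targetIP:targetPORT aliasPORT
            lines.append(f"redirect_port {svc.proto} "
                         f"{svc.target}:{svc.port} {public}")
    return lines, notes

if __name__ == "__main__":
    # Constructed sample: 192.168.0.10 stands in for winmachine1's address.
    wanted = [
        Service("bstar.ath.cx", "tcp", 80, None),
        Service("winmachine.bstar.ath.cx", "tcp", 80, "192.168.0.10"),
    ]
    conf, notes = plan_forwards(wanted)
    print("\n".join(conf + ["# " + n for n in notes]))
```

The internal server keeps listening on port 80 in this plan; only the public side of the forward moves to 8080.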