From owner-freebsd-questions@FreeBSD.ORG  Sat Dec 27 17:03:42 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5C5841065670
	for <questions@freebsd.org>; Sat, 27 Dec 2008 17:03:42 +0000 (UTC)
	(envelope-from usleepless@gmail.com)
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.173])
	by mx1.freebsd.org (Postfix) with ESMTP id 2E8FA8FC19
	for <questions@freebsd.org>; Sat, 27 Dec 2008 17:03:42 +0000 (UTC)
	(envelope-from usleepless@gmail.com)
Received: by wf-out-1314.google.com with SMTP id 24so6239644wfg.7
	for <questions@freebsd.org>; Sat, 27 Dec 2008 09:03:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:cc:in-reply-to:mime-version:content-type:references;
	bh=c+hFTHRHF5ECyC1eSCyxuf54AIJbxiEUhokGbH16xuM=;
	b=n/5pEu8uOi4OxEMG6TmmomDsFYQNUsRsJdbSQ5n7lStTvZKZoVKsPDX09AGHfzoOhY
	JT6FfonZffVn2ecoai/U1EtmCR4rrF50NNrFHNEem850F7wdzRtZ+oGO8zEaBlMHM9jS
	YEnFIG9/cFRLU5qsgvrVV/9G2YqySieeD/X48=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
	:content-type:references;
	b=RrRgz40Yo544+5d/cqwtsEAETSv6OcFlJYITq8qc//46EMz46Un96NIZqmnXjva46v
	/Ybm/e0j0OwIEQkaAYA07yL49Nit+UdnCxJksGlHuIiEfzs8af36xQeZXgI7xUYRMuWr
	w1gv4FWVxZrnn91oRIUyYrHsQxEbtqq2wTESA=
Received: by 10.143.1.12 with SMTP id d12mr4909130wfi.189.1230396053855;
	Sat, 27 Dec 2008 08:40:53 -0800 (PST)
Received: by 10.142.166.4 with HTTP; Sat, 27 Dec 2008 08:40:53 -0800 (PST)
Message-ID: <c39ec84c0812270840r2d66c423p7c9929e2705322e8@mail.gmail.com>
Date: Sat, 27 Dec 2008 17:40:53 +0100
From: usleepless@gmail.com
To: "Richard Yang" <kusanagiyang@gmail.com>
In-Reply-To: <abd417bf0812261227s52c0e950o2821ade2951abc5c@mail.gmail.com>
MIME-Version: 1.0
References: <abd417bf0812261227s52c0e950o2821ade2951abc5c@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: questions@freebsd.org
Subject: Re: nat and ipfw, port forwarding
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Dec 2008 17:03:42 -0000

Hi Ricard,

On Fri, Dec 26, 2008 at 9:27 PM, Richard Yang <kusanagiyang@gmail.com>wrote:

> hi,
> i have a ssh machine behind a freebsd firewall with nat and ipfw.
> how do i make port forwarding so internet can access the ssh machine?
> thanx
>

i think you need to configure /etc/ipnat.conf ( read 'man ipnat' ). this is
a example definition:
rdr em1 0.0.0.0/0 port 2223 -> 192.168.1.96 port 22

( this redirects incoming traffic on outside-interface em1 port 2223 to an
internal machine on port 22 )

also, include "firewall_nat_enable" in your rc.conf ( read 'man rc.conf' )

to configure the settings from ipnat.conf, run "ipnat -C -f /etc/ipnat.conf"

regards,

usleep


> --
>
> Best Regards
>
> Richard Yang
> richardyang@richardyang.net
> kusanagiyang@gmail.com
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>