Date: Tue, 14 May 2002 19:56:52 +0200 From: "Aragon Gouveia" <aragon@phat.za.net> To: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>, <freebsd-security@freebsd.org> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Message-ID: <005501c1fb70$bb32ebb0$01000001@aragon> References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung>
next in thread | previous in thread | raw e-mail | index | archive | help
Howdy, Have you tried an ipfw fwd rule? Regards, Aragon ----- Original Message ----- From: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com> To: <freebsd-security@freebsd.org> Sent: Tuesday, May 14, 2002 4:52 PM Subject: ipfw + nat + port_redirect - works, but not for the internal net > Hi Guys! > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > xl0 - external interface > xl1 - internal interface > > ipfw and natd + port_redirect works just fine! > > My problem is that when someone from the internal network > is trying to hit external_IP:redirected_port, the redirection > is not working for him - connection refused. > It works only for host from outside (Internet). > > For simplicity lets assume that the firewall type is *open*. > > What rules to ipfw or natd I need in order to permit > the port redirection to works for the internal hosts, also? > > I RTFM, I search the archives but I didn't found a clear > answer to that situation. > > This is common problem to the corporate servers behind > firewalls_with_natd_and_redirected_port and probably deserve > to be into FreeBSD handbook - otherwise, good documentation! > > There is some security concerns *is port_redirection a good idea > at all*, but that's it I need this working - don't ask why ;-) > > Thanks in advance! > > --Miro > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005501c1fb70$bb32ebb0$01000001>