From owner-freebsd-ipfw Wed Sep 25 13:44:29 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C647E37B401; Wed, 25 Sep 2002 13:44:26 -0700 (PDT)
Received: from isilon.com (isilon.com [65.101.129.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5895243E65; Wed, 25 Sep 2002 13:44:26 -0700 (PDT) (envelope-from billy@isilon.com)
Received: from mouse.isilon.com (mouse.isilon.com [172.16.5.50]) by isilon.com (8.12.2/8.11.1) with ESMTP id g8PKiOUc023950; Wed, 25 Sep 2002 13:44:25 -0700 (PDT) (envelope-from billy@isilon.com)
Date: Wed, 25 Sep 2002 13:43:23 -0700 (PDT)
From: billy
To: Juraj Petrik
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
In-Reply-To: <002201c26467$1fdf9270$7a01a8c0@pcjuro>
Message-ID: <20020925134258.P75126-100000@mouse.isilon.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 25 Sep 2002, Juraj Petrik wrote:

> Hello,
> can you help me, please?
>
> I'm trying to run a firewall using
> IPFilter, IPNAT and Dummynet on FreeBSD.
>
> I've read so many HOWTOs, but I can't get
> redirection to another server on the internal
> network working:
> rl0 - WAN (194.x.x.0/24) 194.x.x.22 if FreeBSD box
> rl1 - LAN (192.168.1.0/24) 192.168.1.22 if FreeBSD box
> rl2 - DMZ (10.0.0.0/24) 10.0.0.22 if FreeBSD box
>
> My server is now on the LAN, not on the DMZ.
>
> I'm using FreeBSD 4.7 prerelease from CVS.
>
> In the kernel config I have added:
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=30
> options IPFIREWALL_FORWARD
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
> options DUMMYNET
>
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> options RANDOM_IP_ID
>
> In /etc/rc.conf I have:
> tcp_extensions="YES"
> gateway_enable="YES"
> portmap_enable="NO"
>
> #firewall_enable="YES"
> #firewall_type="/etc/dummynet.conf"
> #firewall_logging="NO"
>
> ipfilter_enable="YES"
> ipfilter_flags=""
> ipfilter_rules="/etc/ipf.conf"
>
> ipnat_enable="YES"
> ipnat_flags=""
> ipnat_rules="/etc/ipnat.conf"
>
> ipmon_enable="YES"
> ipmon_flags="-Dns -l block"
>
> In /etc/ipf.conf:
> pass in log all
> pass out log all
>
> In /etc/ipnat.conf:
> map rl0 192.168.1.0/24 -> 194.x.x.22/32
> map rl0 0/0 -> 194.x.x.22/32 proxy port ftp ftp/tcp
>
> map rl0 192.168.1.0/24 -> 194.x.x.22/32 portmap tcp/udp 12500:60000
> map rl0 192.168.1.0/24 -> 194.x.x.22/32
>
> rdr rl0 194.x.x.22/32 port 80 -> 192.168.1.35 port 80
> rdr rl0 194.x.x.22/32 port 22 -> 192.168.1.35 port 22
>
> NAT from the LAN to the Internet works OK,
> but from the Internet I can't redirect connections to the server
> on the LAN (192.168.1.35).
>
> Please help me ANYBODY!!!!
> -jp-
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
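The ipnat.conf posted above mixes several `map` rules for the same source range with the two `rdr` rules that are not behaving. As an added example (editor's code, not part of the mail or of IPFilter), the small parser below reads the `map`/`rdr` rule shapes used in the post, flags map rules that appear more than once with identical arguments, and reports which attached interface subnet each `rdr` target falls in, so a reader can confirm the target host is directly reachable from the firewall. The sample rules are the poster's, except that the anonymised WAN address 194.x.x.22 is replaced by the documentation address 203.0.113.22 so the sample parses; the interface table is likewise constructed from the three interfaces listed in the mail.

```python
"""Parser and linter for the ipnat.conf 'map' and 'rdr' rules in the post.

Added example, not from the original mail or from IPFilter. It recognises
only the rule shapes used in the post:
    map <if> <src> -> <dst> [portmap ... | proxy ...]
    rdr <if> <addr> port <n> -> <addr> port <n>
"""
import ipaddress
import re
from collections import Counter

# Constructed interface table matching the mail (WAN is anonymised there as
# 194.x.x.0/24; the documentation prefix 203.0.113.0/24 stands in for it).
INTERFACES = {
    "rl0": ipaddress.ip_network("203.0.113.0/24"),  # WAN
    "rl1": ipaddress.ip_network("192.168.1.0/24"),  # LAN
    "rl2": ipaddress.ip_network("10.0.0.0/24"),     # DMZ
}

# The poster's rules, with 194.x.x.22 substituted by 203.0.113.22.
SAMPLE_IPNAT_CONF = """\
map rl0 192.168.1.0/24 -> 203.0.113.22/32
map rl0 0/0 -> 203.0.113.22/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 203.0.113.22/32 portmap tcp/udp 12500:60000
map rl0 192.168.1.0/24 -> 203.0.113.22/32
rdr rl0 203.0.113.22/32 port 80 -> 192.168.1.35 port 80
rdr rl0 203.0.113.22/32 port 22 -> 192.168.1.35 port 22
"""

MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)(?:\s+(.*))?$")
RDR_RE = re.compile(
    r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)(?:\s+(.*))?$"
)


def _net(text):
    """Turn an ipnat address token into a network; '0/0' means any address."""
    if text == "0/0":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(text, strict=False)


def parse_ipnat(text):
    """Return a list of rule dicts; raise ValueError on an unrecognised line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = MAP_RE.match(line)
        if m:
            rules.append({"type": "map", "line": lineno, "if": m.group(1),
                          "src": _net(m.group(2)), "dst": _net(m.group(3)),
                          "opts": (m.group(4) or "").strip()})
            continue
        m = RDR_RE.match(line)
        if m:
            rules.append({"type": "rdr", "line": lineno, "if": m.group(1),
                          "dst": _net(m.group(2)), "dport": int(m.group(3)),
                          "target": ipaddress.ip_address(m.group(4)),
                          "tport": int(m.group(5)),
                          "opts": (m.group(6) or "").strip()})
            continue
        raise ValueError(f"line {lineno}: unrecognised rule: {line}")
    return rules


def duplicate_maps(rules):
    """Map rules whose interface, source, destination and options all repeat."""
    keys = Counter((r["if"], r["src"], r["dst"], r["opts"])
                   for r in rules if r["type"] == "map")
    return sorted(k for k, n in keys.items() if n > 1)


def rdr_target_iface(rules, interfaces=INTERFACES):
    """For each rdr rule (by line), the interface whose subnet holds its
    target, or None when the target is on no attached subnet."""
    result = {}
    for r in rules:
        if r["type"] != "rdr":
            continue
        result[r["line"]] = next(
            (name for name, net in interfaces.items() if r["target"] in net),
            None)
    return result


if __name__ == "__main__":
    parsed = parse_ipnat(SAMPLE_IPNAT_CONF)
    for dup in duplicate_maps(parsed):
        print("duplicate map rule:", dup)
    for line, iface in rdr_target_iface(parsed).items():
        print(f"rdr on line {line} targets a host on {iface}")
```

On the posted rules the linter reports the plain `map rl0 192.168.1.0/24 -> .../32` rule twice (lines 1 and 4 of the sample) and places both `rdr` targets on rl1, the LAN interface. The parser is deliberately narrow: a rule shape outside the two forms in the mail raises rather than being silently skipped.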