Date:      Tue, 28 Mar 2006 22:09:14 -0500
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject:   FBSD 6.0 ipfilter nat redirect not working.
Message-ID:  <MIEPLLIBMLEEABPDBIEGCEHCHDAA.fbsd_user@a1poweruser.com>

Been running ipfilter for a long time.
Now with FBSD 6.0 I'm having no joy at getting
a redirect to a web server on the LAN to work.
This is my first time trying this.

rl0 is the NIC facing the public internet.
10.0.10.4 is the LAN IP address of the web server.
Have a friend who uses http://79.69.59.49:6188/index.htm
to target me. The IP address is fake for this posting.

# /root >ipnat -l
List of active MAP/Redirect filters:
map rl0 10.0.10.0/29 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 10.0.10.0/29 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 6188 -> 10.0.10.4 port 80 tcp

List of active sessions:
RDR 10.0.10.4       80    <- -> 79.69.59.49     6188  [65.45.227.95 2698]
MAP 10.0.10.6       1857  <- -> 79.69.59.49     1857  [216.155.193.144 5050]

Nothing happens. No ipf.log records on the gateway box and
no ipf.log records on the LAN web server box.
There is a firewall rule to log & pass from any to 10.0.10.4 port = 80 keep state.
And any packet that does not match a firewall rule gets logged and
dropped.

Gateway box has these sysctl knobs set:
net.inet.ip.forwarding=1
net.inet.ip.sourceroute=0
net.ip.accept_sourceroute=0

From the active session list, it looks like the rdr command was
executed, but no packet showed up at the firewall.

My question is, does anyone have ipfilter nat redirect working on
FreeBSD 6.0????




