From: "fbsd_user"
To: "freebsd-questions@FreeBSD.ORG"
Date: Tue, 28 Mar 2006 22:09:14 -0500
Subject: FBSD 6.0 ipfilter nat redirect not working.

Been running ipfilter long time. Now with FBSD 6.0 having no joy at getting redirect to web server on LAN to work. This is first time trying this.

rl0 is NIC facing the public internet. 10.0.10.4 is the LAN ip address of the web server. Have friend use http://79.69.59.49:6188/index.htm to target me. The ip address is fake for this posting.

# /root >ipnat -l
List of active MAP/Redirect filters:
map rl0 10.0.10.0/29 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 10.0.10.0/29 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 6188 -> 10.0.10.4 port 80 tcp

List of active sessions:
RDR 10.0.10.4 80 <- -> 79.69.59.49 6188 [65.45.227.95 2698]
MAP 10.0.10.6 1857 <- -> 79.69.59.49 1857 [216.155.193.144 5050]

Nothing happens. No ipf.log records on gateway box and no ipf.log records on the LAN web server box.

There is firewall rule to log & pass from any to 10.0.10.4 port = 80 keep state. And any packet that does not match a firewall rule gets logged and dropped.

Gateway box has these sysctl knobs set:
net.inet.ip.forwarding=1
net.inet.ip.sourceroute=0
net.ip.accept_sourceroute=0

From the active session list, it looks like the rdr command was executed but no packet showed up at the firewall.

My question is, does anyone have ipfilter nat redirect working on FreeBSD 6.0?
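
The session-list reading described in the post can be checked mechanically. The following is an added example, not part of the original post: it parses an `ipnat -l` listing and pairs each RDR session with the rdr rule that produced it. The function names, field names and the embedded sample (copied from the listing above) are assumptions of the example.

```python
import re

# Constructed sample: the `ipnat -l` listing from the post, one entry per line.
SAMPLE = """\
List of active MAP/Redirect filters:
map rl0 10.0.10.0/29 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 10.0.10.0/29 -> 0.0.0.0/32
rdr rl0 0.0.0.0/0 port 6188 -> 10.0.10.4 port 80 tcp

List of active sessions:
RDR 10.0.10.4 80 <- -> 79.69.59.49 6188 [65.45.227.95 2698]
MAP 10.0.10.6 1857 <- -> 79.69.59.49 1857 [216.155.193.144 5050]
"""

# rdr <if> <match> port <public port> -> <LAN ip> port <LAN port> <proto>
RDR_RULE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<match>\S+)\s+port\s+(?P<pub_port>\d+)"
    r"\s+->\s+(?P<lan_ip>\S+)\s+port\s+(?P<lan_port>\d+)\s+(?P<proto>\S+)")
# KIND <inside ip> <port> <- -> <outside ip> <port> [<remote peer ip> <port>]
SESSION = re.compile(
    r"^(?P<kind>RDR|MAP)\s+(?P<in_ip>\S+)\s+(?P<in_port>\d+)\s+<-\s+->\s+"
    r"(?P<out_ip>\S+)\s+(?P<out_port>\d+)\s+\[(?P<peer_ip>\S+)\s+(?P<peer_port>\d+)\]")

def parse_ipnat(text):
    """Split an `ipnat -l` listing into rdr rules and active sessions (as dicts)."""
    lines = [ln.strip() for ln in text.splitlines()]
    rules = [m.groupdict() for m in map(RDR_RULE.match, lines) if m]
    sessions = [m.groupdict() for m in map(SESSION.match, lines) if m]
    return rules, sessions

def rdr_hits(text):
    """Pair each RDR session with the rdr rule whose target and public port it carries."""
    rules, sessions = parse_ipnat(text)
    return [(r, s) for s in sessions if s["kind"] == "RDR" for r in rules
            if (s["in_ip"], s["in_port"], s["out_port"])
            == (r["lan_ip"], r["lan_port"], r["pub_port"])]

if __name__ == "__main__":
    for rule, sess in rdr_hits(SAMPLE):
        print(f"{sess['peer_ip']}:{sess['peer_port']} hit rdr on {rule['ifname']} "
              f"port {rule['pub_port']} -> {rule['lan_ip']}:{rule['lan_port']}")
```

A hit means the inbound packet matched the rdr rule and a NAT entry was created. IPFilter applies rdr to inbound packets before the filter rules run, so filter rules and ipf.log entries for that connection refer to the rewritten destination (here 10.0.10.4 port 80).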