Date:      Thu, 16 May 2002 02:28:25 -0700 (PDT)
From:      Oli <oli@blacktrap.net>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   ipf/ipnat question
Message-ID:  <20020516092825.69DF537B400@hub.freebsd.org>

Hello,

I have ipf active as firewall on my internet gateway, with ipnat for the 
address translation. The gateway has basically 2 NICs, one to the cable-modem
(dc0) and the other to my home LAN (dc1 -> 192.168.2.0/24), providing internet
access to comps on the LAN.

I can't figure how to get MSN special features like VoiceChat, WhiteBoard and
such to work. I know the different ports MSN uses but is there a way to make
it work through the gateway? My ipfilter rules are basically the default, 
blocking unused ports below 1024 and invalid stuff and allowing anything dc0 
proto tcp/udp with port > 1023. 
Then I tried all kinds of forwarding rules with ipnat such as:

rdr dc0 0/32 port 6891   -> 192.168.2.21 port 6891 tcp/udp
rdr dc0 0/32 port 3389   -> 192.168.2.21 port 3389 tcp/udp
rdr dc0 0/32 port 1503   -> 192.168.2.21 port 1503 tcp/udp

to no avail...

Of course the default NAT rules are active too:

map dc0 192.168.2.0/24 -> 0/32 proxy port ftp ftp/tcp
map dc0 192.168.2.0/24 -> 0/32 portmap tcp/udp 10000:60000
map dc0 192.168.2.0/24 -> 0/32

I only want this to work with one computer on the LAN (2.21) but it doesn't work.
Is it possible at all with ipfilter/ipnat? How? Or do I need some sort of proxy
to translate the addresses inside the messages MSN sends? If that is the case 
what would do the job? 

Any help would be greatly appreciated, I've been looking for an answer for too
long ;-) I wouldn't care about MSN at all, but you know the kind of things 
a girlfriend can make you do... *chuckle*

If there is anything else you need to know about my config, I'll be glad to
provide my config files etc..

Thanks a lot for any help!

-- 
Oli 
