Date:      Wed, 26 Sep 2007 11:01:31 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        "mr. phreak" <nollan@phreaker.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW + NATD FORWARDING
Message-ID:  <44wsudfp2s.fsf@be-well.ilk.org>
In-Reply-To: <46F70504.9050709@phreaker.net> (mr. phreak's message of "Mon, 24 Sep 2007 00:29:56 +0000")
References:  <46F70504.9050709@phreaker.net>

"mr. phreak" <nollan@phreaker.net> writes:

> Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
> people have and I've googled my ass off. Still I can't get it right.
> I'm trying to forward port 1213 in/out for dc++ usage.
>
> This is my setup:
>
>  __WAN router (192.168.1.1)
>  |
>  |
> (FreeBSD gateway/fw NIC1:ath0 (public) NIC2:rl0 (LAN) )
>  |
>  |__
>       LAN (10.10.10.0/24)
>
> I use stateful rules and I'd like to forward port 1213 both ways using
> natd. I know NATD should take care of this as long as I allow port
> 1213 in/out from the firewall. I've tried this at almost every
> position in the ipfw.rules and now I ask where I should put it? I.e.,
> it's not there right now.
>
> I've tried:
>
> $cmd [num] allow all from any to any 1213 (at various positions in
> ipfw.rules) still doesn't work.
>
> $cmd [num] divert natd all from any to any 1213.
>
> Can someone help me?

Your firewall configuration is rather unconventional, but the basic
idea makes sense.  What isn't clear is how you want to use this "dc++"
program within your infrastructure.  Because you are using dynamic
rules, I assume that you want the connections to always originate
inside your network.  If that is the case, you shouldn't need any
special configuration to natd (because every connection will be
learned from the initial packet).  If that's not the case, you will
need to pick one internal machine to receive the connections coming in
from outside.
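
The second case in the reply (one internal machine receiving connections that start outside), as an added example that is not part of the original message: natd redirects port 1213 to a single LAN host, and the inbound rule uses `skipto` rather than `allow` so that the host's replies still pass the outbound divert. The host 10.10.10.5, the rule numbers and the dry-run `echo` wrapper are assumptions; ath0, rl0 and port 1213 come from the post.

```shell
#!/bin/sh
# Dry run: prints natd.conf lines and ipfw commands instead of loading them.
pif="ath0"             # public-side interface (from the post)
lif="rl0"              # LAN interface (from the post)
lan_host="10.10.10.5"  # ASSUMPTION: the one LAN machine running dc++
port="1213"            # from the post

gen_natd_conf() {
    # natd.conf: hand inbound port 1213 to the chosen LAN host.
    echo "interface $pif"
    for proto in tcp udp; do
        echo "redirect_port $proto $lan_host:$port $port"
    done
}

gen_rules() {
    cmd="echo ipfw -q add"   # drop the echo to load the rules for real
    $cmd 100 allow ip from any to any via lo0
    $cmd 110 allow ip from any to any via $lif
    # Inbound packets are translated BEFORE the state check, so dynamic
    # rules and the rules below see the internal (post-NAT) destination.
    $cmd 200 divert natd ip from any to any in via $pif
    $cmd 210 check-state
    # Connections that start inside: create state, jump to the outbound divert.
    $cmd 300 skipto 800 ip from any to any out via $pif keep-state
    # Connections that start outside: match the redirected address. skipto,
    # not allow: the dynamic rule inherits this action, so the LAN host's
    # replies reach rule 800 and get their source address rewritten.
    $cmd 400 skipto 800 tcp from any to $lan_host $port in via $pif setup keep-state
    $cmd 410 skipto 800 udp from any to $lan_host $port in via $pif keep-state
    $cmd 700 deny log ip from any to any
    # Outbound translation happens last, after the stateful decision.
    $cmd 800 divert natd ip from any to any out via $pif
    $cmd 810 allow ip from any to any
}

gen_natd_conf
gen_rules
```

A plain `allow ... to any 1213` placed before the inbound divert never matches the LAN address, and one using `allow ... keep-state` after it lets replies leave without translation.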
