From owner-freebsd-questions@FreeBSD.ORG  Fri Jul 11 08:54:17 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2F0AD37B401; Fri, 11 Jul 2003 08:54:17 -0700 (PDT)
Received: from hp.ulstu.ru (ns.ulstu.ru [62.76.34.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9E75443F3F; Fri, 11 Jul 2003 08:54:13 -0700 (PDT)
	(envelope-from zaa@ulstu.ru)
Received: by hp.ulstu.ru (Postfix, from userid 3909)
	id 6E9F782; Fri, 11 Jul 2003 19:54:09 +0400 (MSD)
Date: Fri, 11 Jul 2003 19:54:09 +0400
From: zhuravlev alexander <zaa@ulstu.ru>
To: Tom Servo <xtomservox@hotpop.com>
Message-ID: <20030711155409.GA40321@hp.ulstu.ru>
Mail-Followup-To: Tom Servo <xtomservox@hotpop.com>,
	freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
References: <0193271C683D5844A478A359271B8F66147B06@DC1.dynatec.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <0193271C683D5844A478A359271B8F66147B06@DC1.dynatec.com>
User-Agent: Mutt/1.4.1i
cc: freebsd-hackers@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: IPFW fun
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: zhuravlev alexander <zaa@ulstu.ru>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2003 15:54:17 -0000

On Fri, Jul 11, 2003 at 11:07:55AM -0400, Tom Servo wrote:
> Hey-
> I have a freebsd gateway machine that runs ipfw and nat for my home network
> and I want to add a rule that redirects VNC packets through the gateway to
> my windows machine so that I can VNC to my home machine to do some stuff.
> How should I phrase the rule correctly without screwing up the natd service?
> I am guessing it should go something like this: ipfw add 1000 divert 8888 ip
> from any to 192.168.0.253:5800 via ep1 Is this correct?  I need it to only
> redirect packets for the VNC port. Thanks -ts

[ Cc'ed to freebsd-questions ... ]

in case of inbound nat ....  

in rc.firewall

ipfw add 1000 divert natd tcp from any to 192.168.0.253 5800 in recv ep1
ipfw add 1000 divert natd tcp from <internal_ip> 5800 to any 


/etc/natd.conf
interfase ep1
use_sockets yes
same_ports yes
redirect_port tcp <internal_ip>:5800 192.168.0.253:5800  

/sbin/natd -f /etc/natd 
sh /etc/rc.firewall 

	                             -- zhuravlev alexander
				             (zaa@ulstu.ru)