Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 18 Jan 2003 14:26:40 -0500
From:      Bill Moran <wmoran@potentialtech.com>
To:        listmail@brightstar.ath.cx
Cc:        Freebsd-questions@FreeBSD.org
Subject:   Re: Access to internal systems
Message-ID:  <3E29AA70.3020504@potentialtech.com>
References:  <3E2950B2.4194.80EFE77F@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 
listmail@brightstar.ath.cx wrote:
> Hi - 
> Ive got a number of windows machines running behind a Freebsd 
> gateway to the Internet. The gateway is accessible via an entry at 
> Dyndns.org: bstar.ath.cx.
> 
> What I'd like to do is be able to get to the internal machine (named 
> winmachine1) from the Internet using a construct such as:  
> winmachine.bstar.ath.cx.
> 
> I currently run no name server.
> 
> Can it be done?

Yes and no.

> Do I need to run my own name server?

You don't need to, but it generally makes things easier (as you have
direct control over things)

>  Any advice?

You probably have ipfw running on your firewall.  You can use ipfw's
port forwarding feature to allow certain ports to appear to be on
bstar.ath.cx, while they are actually connecting to winmachine1.
You simply make a DNS entry that says that winmachine.bstar.ath.cs
is the same as bstar.ath.cs
That's the 'yes' part of the answer above.
The no part is that you can't use this method to forward ALL ports.
If you want to have ports open on bstar.ath.cs as well, they won't
be available on winmachine.bstar.ath.cx.

To (hopefully) make it a little clearer:
If you want to run a webserver from winmachine.bstar.ath.cx, and
that's it, and bstar.ath.cx doesn't run a webserver, you simply
forward port 80 from bstar.ath.cx to your internal machine.

If you want to run a webserver on both bstar.ath.cx and the
windows machine you either:
a) can't do it
b) have to move one of the webservers to a nonstandard (unused)
    port - such as 8080

Read the man pages for ipfw, and search the net for ipfw port
forwarding.  I'm sure you find a lot more details.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E29AA70.3020504>