Date: Fri, 21 Sep 2001 19:00:33 -0400
From: The Anarcat <anarcat@anarcat.dyndns.org>
To: freebsd-questions@freebsd.org
Subject: can't make redirect_port work in natd.conf
Message-ID: <20010921190033.A8843@shall.anarcat.dyndns.org>

Hi.

I have a NAT router setup here for my ADSL connection. I decided to
enable an internal webserver and make it externally available.

For testing purposes, I tried aliasing it to 8080, so that I could test
the connection and firewall rules necessary, while keeping my old
webserver online.

I figured out how to make it, but it was odd. I had to add the
following rules after the rule 300 (loopback setup in default setup):

    allow tcp from any to 192.168.0.2 80 out xmit ep1 setup
    allow tcp from any to 192.168.0.2 80 in recv tun0 setup
    allow tcp from 192.168.0.2 80 to any established
    allow tcp from any to 192.168.0.2 80 established

I also had to add a

    allow tcp from any to me 80,8080 in recv tun0 setup

to allow connections to 8080. But I could place this after the divert
rule...

This is odd for me, but it makes it work *for 8080*. This is with the
line:

    redirect_port tcp 192.168.0.2:80 8080

in my natd.conf. If I replace this line with:

    redirect_port tcp 192.168.0.2:80 80

and restart natd, the 8080 alias is still in place! And the real alias
(80 -> 80) doesn't work!!!

Maybe I just don't understand how natd and ipfw interact...

This is my natd.conf:

    su-2.05# cat natd.conf
    # logging
    log yes
    log_denied yes
    log_facility security
    # useful
    dynamic yes
    interface tun0
    use_sockets yes
    same_ports yes
    # redirect http to shall
    redirect_port tcp 192.168.0.2:80 8080
    su-2.05#

Any ideas?

A.
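
Added example, not part of the original message and not FreeBSD project code: a small Python audit that reads natd.conf text and lists the outside ports its redirect_port lines expose, so the file on disk can be compared with the ports meant to be reachable. The sample config is constructed from the one quoted above; the function names and the allowlist are assumptions for illustration, and only numeric ports are handled.

```python
from typing import NamedTuple, Optional

# Constructed sample, based on the natd.conf quoted in the message above.
SAMPLE_NATD_CONF = """\
log yes
log_denied yes
log_facility security
dynamic yes
interface tun0
use_sockets yes
same_ports yes
# redirect http to shall
redirect_port tcp 192.168.0.2:80 8080
"""

class Redirect(NamedTuple):
    proto: str
    target: str               # internal host:port that receives the traffic
    alias_ip: Optional[str]   # None: the NAT interface's own address
    alias_ports: range        # port(s) exposed on the outside
    remote: Optional[str]     # None: any remote host may connect

def parse_ports(spec: str) -> range:
    """Turn '8080' or '2000-3000' into a range (numeric ports only)."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)

def parse_redirects(conf_text: str) -> list:
    """Collect every redirect_port mapping in natd.conf text."""
    found = []
    for raw in conf_text.splitlines():
        fields = raw.split()
        # Skip blanks, comment lines and every other natd option.
        if len(fields) < 4 or fields[0] != "redirect_port":
            continue
        proto, target, alias = fields[1:4]
        alias_ip, _, alias_port = alias.rpartition(":")
        remote = fields[4] if len(fields) > 4 else None
        found.append(Redirect(proto, target, alias_ip or None,
                              parse_ports(alias_port), remote))
    return found

def unexpected_exposure(redirects, allowed):
    """Return (proto, port, target) for exposed ports not in `allowed`."""
    return [(r.proto, p, r.target) for r in redirects
            for p in r.alias_ports if (r.proto, p) not in allowed]

if __name__ == "__main__":
    for hit in unexpected_exposure(parse_redirects(SAMPLE_NATD_CONF), {("tcp", 80)}):
        print("exposed but not intended: %s/%d -> %s" % hit)
```

Run against the sample with an allowlist of tcp/80 only, it reports tcp/8080 as still exposed, which is the state the config file describes before the edit to port 80.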