From owner-freebsd-questions@FreeBSD.ORG Tue Mar 2 21:09:13 2010
Message-ID: <4B8D7E79.3040705@tundraware.com>
Date: Tue, 02 Mar 2010 15:09:13 -0600
From: Tim Daneliuk <tundra@tundraware.com>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Help ipfw / nat / JetDirect Pain Appreciated

I would appreciate any insight you folk here might have for the following problem.
What I am trying to do is have wireless clients on one network print to a JetDirect-connected printer on another network, as follows:

  Machine A is a NATing firewall (FBSD 8.0) for nonroutable network A - 192.168.0.x
  Machine A is a NATing wireless router (Linksys WRT-54G) for nonroutable network B - 192.168.1.x

Both Machine A and B have static routable addresses and are directly connected to the internet. They are also on the same subnet. In fact, they're plugged into the same switch that the internet hose comes in on.

There is an HP Laserjet connected via JetDirect on the first network at 192.168.0.122.

I have added this to machine A's NAT config to make that port appear on the outside IP address:

  redirect_port tcp 192.168.0.102:9100 machine.A.IP.addr:9100

natd was then restarted. I then added this firewall rule on Machine A:

  ipfw add allow tcp from machine.B.IP.addr to machine.A.IP.addr 9100

And the firewall was restarted.

Now, I jump onto a machine on (wireless) Network B and attempt to telnet to port 9100 on machine A, just to see if the port is properly being redirected and I can get to it. Machine A burps out the following in /var/log/security:

  ipfw: 7500 Deny TCP machine.B.IP.addr:49192 192.168.0.102:9100 in via fxp0

Anyone have an idea what's going on here? It looks like the telnet is attempting to rendezvous on port 49192 but the firewall isn't letting that happen. Any idea how I add a rule to permit this?

TIA,
-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
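The ruleset described in the post, modelled as an added example (this is not part of the original message and not FreeBSD's own code). With natd attached through a divert rule, ipfw hands the packet to natd at that rule and the translated packet re-enters the ruleset at the rule after it, so every later rule is matched against the rewritten destination. That is what the logged deny shows: the destination is already 192.168.0.102:9100, not machine.A.IP.addr:9100, so a later allow rule naming the public address cannot match. The public addresses 203.0.113.10/20 (an RFC 5737 documentation range), the rule numbers 100 and 7000, the divert rule preceding the allow rule, and the use of rule 7500 as the catch-all deny are assumptions; the post gives only the redirect_port line, the allow rule and the logged deny.

```python
# Added example, not from the original post: a small model of ipfw rule walking
# around a natd divert rule. Addresses, rule numbers 100/7000 and the role of
# rule 7500 as the catch-all deny are assumptions made for the illustration.
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

MACHINE_A = "203.0.113.10"   # stands in for machine.A.IP.addr (RFC 5737 range)
MACHINE_B = "203.0.113.20"   # stands in for machine.B.IP.addr
PRINTER = "192.168.0.102"    # LAN address used in the post's redirect_port line


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" or "out"
    iface: str


@dataclass(frozen=True)
class Rule:
    number: int
    action: str      # "allow", "deny" or "divert"
    proto: str       # "ip" matches any protocol
    src: str         # "any" or a single address
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Redirect:
    """One natd redirect_port entry: proto lan_addr:lan_port public_addr:public_port."""
    proto: str
    lan_addr: str
    lan_port: int
    public_addr: str
    public_port: int


def natd_translate(pkt: Packet, redirects: List[Redirect]) -> Packet:
    """Rewrite an inbound packet's destination as natd does before reinjecting it."""
    if pkt.direction != "in":
        return pkt
    for r in redirects:
        if (pkt.proto == r.proto and pkt.dst == r.public_addr
                and pkt.dport == r.public_port):
            return replace(pkt, dst=r.lan_addr, dport=r.lan_port)
    return pkt


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "ip" or rule.proto == pkt.proto)
            and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], redirects: List[Redirect],
             pkt: Packet) -> Tuple[int, str, Packet]:
    """Walk the ruleset in number order. A matching divert rule passes the packet
    to natd; the translated packet continues at the next rule, so later rules
    see the rewritten destination. Returns (rule number, action, final packet)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if not matches(rule, pkt):
            continue
        if rule.action == "divert":
            pkt = natd_translate(pkt, redirects)
            continue
        return rule.number, rule.action, pkt
    return 65535, "deny", pkt   # ipfw's implicit default rule


REDIRECTS = [Redirect("tcp", PRINTER, 9100, MACHINE_A, 9100)]

# Ruleset as described in the post: the allow rule names the public address.
ORIGINAL = [
    Rule(100, "divert", "ip", "any", "any"),                 # divert natd ip from any to any via fxp0
    Rule(7000, "allow", "tcp", MACHINE_B, MACHINE_A, 9100),  # allow tcp from B to A 9100
    Rule(7500, "deny", "ip", "any", "any"),                  # catch-all deny, logged as rule 7500
]

# Same ruleset with the allow rule written for the post-translation destination.
CORRECTED = [
    Rule(100, "divert", "ip", "any", "any"),
    Rule(7000, "allow", "tcp", MACHINE_B, PRINTER, 9100),    # allow tcp from B to 192.168.0.102 9100
    Rule(7500, "deny", "ip", "any", "any"),
]

# Constructed packet: the telnet SYN from network B, source port as in the post's log.
TELNET_SYN = Packet("tcp", MACHINE_B, 49192, MACHINE_A, 9100, "in", "fxp0")


def log_line(number: int, action: str, pkt: Packet) -> str:
    """Format a verdict the way the post's /var/log/security line reads."""
    return (f"ipfw: {number} {action.capitalize()} {pkt.proto.upper()} "
            f"{pkt.src}:{pkt.sport} {pkt.dst}:{pkt.dport} {pkt.direction} via {pkt.iface}")


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(f"{name:9s} -> {log_line(*evaluate(rules, REDIRECTS, TELNET_SYN))}")
```

Running the model against the original ruleset reproduces the shape of the logged line (rule 7500, Deny, destination 192.168.0.102:9100), while the corrected ruleset lets rule 7000 match because it names the translated destination. Moving the allow rule in front of the divert would make it match the public address but would also skip natd, so the packet would never reach the printer; the rule has to sit after the divert and match the LAN address. The model uses 192.168.0.102 because that is the address in both the redirect_port line and the logged deny; the post also lists the printer at 192.168.0.122, which is worth reconciling when applying the rule.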