From owner-freebsd-hackers Thu Jul 16 06:59:25 1998
Message-ID: <35AE0711.D86870C9@jezebel.demon.co.uk>
Date: Thu, 16 Jul 1998 14:58:41 +0100
From: Richard Smith
Organization: http://www.trltech.co.uk
To: Thomas David Rivers
CC: freebsd-hackers@freefall.cdrom.com
Subject: Re: ipfw rules for exposing an internal machine's port externally?
References: <199807161205.IAA01215@lakes.dignus.com>

Thomas David Rivers wrote:
>
> I sent the following to freebsd-questions; but nothing has come of it,
> so I thought, perhaps, freebsd-hackers might be a better forum...
>
> - Thanks -
> - Dave Rivers -
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> I thought I should be able to do this; but it doesn't
> seem to work well. Perhaps someone knows what I've got wrong here.
>
> What I have is a machine "X" which is on the external network
> and through which I divert all internal traffic on the 10.0.0.x
> network via ipfw/natd, as in:
>
> ipfw add 100 divert 32000 ip from any to any via sl0
>
> However, I have an internal machine (10.0.0.10) that's set up
> to do telnet connections on a different port (e.g. port #PPPP in
> the following example.)
>
> I would like to make those connections available externally.
>
> So - I've added:
>
> ipfw add 50 pass log tcp from any PPPP to 10.0.0.10 PPPP
> ipfw add 50 pass log udp from any PPPP to 10.0.0.10 PPPP
>
> But, if I telnet to the gateway machine at port PPPP as in:
> telnet gateway PPPP
> all I get is:
> Trying x.x.x.x...
> telnet: Unable to connect to remote host: Connection refused
>
> If I, however, telnet on the internal network to 10.0.0.10 PPPP
> I get connected just fine.
>
> Has anyone done this before? That is, map a particular port number
> on one machine to a different one? And, use that with divert to
> make a service on an internal machine externally visible? If so, how?
>
> - Thanks -
> - Dave Rivers -
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

Dave,

You need to add a static mapping from the #PPPP port on your firewall to the #PPPP port on 10.0.0.10.

Add '-redirect_port tcp 10.0.0.10:PPPP PPPP' to the 'natd' command line, and open up your firewall with something like:

$fwcmd add pass tcp from any to ${oip} PPPP setup
$fwcmd add pass tcp from any to 10.0.0.10 PPPP setup

Bye,
--
Richard Smith
Assistant Chief Engineer
TRL Technology Limited
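The following POSIX sh script is an added example and is not code from either poster. It builds the natd command line and the ipfw rules that the reply describes, for one internal TCP service exposed through the gateway: the natd divert port is taken from a single variable so it cannot drift from the divert rule, the redirect is expressed with natd's -redirect_port option as in the reply, and every address and port is validated before anything is emitted. The divert rule is placed ahead of the pass rules because a packet that natd has rewritten re-enters the ruleset after the divert rule, so the pass rule for 10.0.0.10 then sees the translated destination; the question's original rules also matched on a source port of PPPP, which an arbitrary client will not use. All addresses, ports, interface and rule numbers are constructed placeholders (the thread's PPPP becomes the port arguments); the script only prints the commands so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not code from the thread: generate the natd command line
# and the ipfw rules that expose one internal TCP service through a
# FreeBSD ipfw/natd gateway. All values used below are constructed.

# valid_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port N: succeed only for an integer in 1-65535.
valid_port() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,5}$' || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# natd_cmdline DIVERT_PORT EXT_IF INT_HOST INT_PORT EXT_PORT
# Prints the natd invocation. -p is the divert port (must equal the port in
# the ipfw divert rule), -n the external interface, and -redirect_port maps
# EXT_PORT on the gateway's address to INT_HOST:INT_PORT for TCP only.
natd_cmdline() {
    valid_port "$1" && valid_ipv4 "$3" && valid_port "$4" && valid_port "$5" \
        || return 1
    printf 'natd -p %s -n %s -redirect_port tcp %s:%s %s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# ipfw_rules DIVERT_PORT EXT_IF EXT_IP INT_HOST INT_PORT EXT_PORT
# Prints the rules in evaluation order: the divert rule first, then the two
# pass rules from the reply. Only connection setup (SYN) is opened, and only
# for TCP, so no UDP rule is generated for a TCP service.
ipfw_rules() {
    valid_port "$1" && valid_ipv4 "$3" && valid_ipv4 "$4" \
        && valid_port "$5" && valid_port "$6" || return 1
    printf 'ipfw add 100 divert %s ip from any to any via %s\n' "$1" "$2"
    printf 'ipfw add 200 pass tcp from any to %s %s setup\n' "$3" "$6"
    printf 'ipfw add 210 pass tcp from any to %s %s setup\n' "$4" "$5"
}

# Constructed demo values: gateway external address 192.0.2.1 on sl0,
# service on 10.0.0.10 port 2323, exposed on the gateway as port 2323.
natd_cmdline 32000 sl0 10.0.0.10 2323 2323
ipfw_rules 32000 sl0 192.0.2.1 10.0.0.10 2323 2323
```

Review the printed commands, then run them on the gateway; the natd line must be started before the divert rule is loaded, otherwise diverted packets are dropped until natd is listening on the divert port.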